"Joshua Hoblitt" <[EMAIL PROTECTED]> wrote:
> I think you're slightly confusing OPs and PMCs. Presumably the *dir
> functionality would be implemented as OP codes
I thought The Plan was to have all the I/O stuff done with PMCs rather than
ops in the end. There's no real benefit in having ops - the delays that you
get through doing I/O make the time difference between an op and a PMC
method call insignificant. Security-wise, the PMCs can be implemented to
ensure that sufficient privs are available to perform the operation being
requested of them.
I agree with Chris on minimising the amount of places we do security stuff
as far as is sensible. However, I would think that the interface for doing
sandboxing-style stuff would allow restriction of certain types of operation
(e.g. filesystem access) rather than individual operations, so as to
help eliminate the moving-target issue.
Ah, and note that this is all conjectural on my part, and not The Design. :-)
Jonathan
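The design sketched in the message above (privilege checks living in the I/O object's methods, and a sandbox that grants or withholds whole categories of operation rather than individual ops) can be illustrated with a small model. This is an added example written for this page, not Parrot code; `Capability`, `Sandbox`, `DirIO` and `untagged_operations` are all constructed names, and the in-memory directory tree stands in for a real filesystem.

```python
"""Category-based sandboxing on an I/O object (constructed illustration).

Every operation is tagged with the category it belongs to, and the check
happens in one place (the `requires` wrapper). A sandbox policy is then a
set of categories, so adding a new filesystem op later does not require
touching the policy: it only needs the same tag.
"""
from enum import Enum, auto
from functools import wraps
import inspect


class Capability(Enum):
    """Coarse categories of operation that a sandbox grants or withholds."""
    FILESYSTEM = auto()
    NETWORK = auto()


class SandboxViolation(PermissionError):
    """Raised when an operation's category is not granted by the sandbox."""


class Sandbox:
    """The set of operation categories the current context is allowed to use."""

    def __init__(self, allowed=()):
        self.allowed = frozenset(allowed)

    def check(self, cap):
        if cap not in self.allowed:
            raise SandboxViolation(f"{cap.name} access is not permitted in this sandbox")


def requires(cap):
    """Tag a method with its category and route it through the sandbox check."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(self, *args, **kwargs):
            self.sandbox.check(cap)          # single point where privs are verified
            return fn(self, *args, **kwargs)
        wrapper.capability = cap             # makes the tag visible for auditing
        return wrapper
    return decorate


class DirIO:
    """In-memory directory object standing in for an I/O PMC (constructed)."""

    def __init__(self, sandbox, tree=None):
        self.sandbox = sandbox
        self.tree = {path: list(entries) for path, entries in (tree or {}).items()}

    @requires(Capability.FILESYSTEM)
    def listdir(self, path):
        return sorted(self.tree[path])

    @requires(Capability.FILESYSTEM)
    def mkdir(self, path):
        parent, _, name = path.rpartition("/")
        self.tree.setdefault(parent or "/", []).append(name)
        self.tree[path] = []
        return path

    # A later addition: tagged once, and the existing policy already covers it.
    @requires(Capability.FILESYSTEM)
    def rmdir(self, path):
        parent, _, name = path.rpartition("/")
        self.tree[parent or "/"].remove(name)
        del self.tree[path]
        return path


def untagged_operations(cls):
    """Audit helper: public methods that carry no category tag.

    Running this against an I/O class catches the 'moving target' case where
    a new op is added without being placed under any sandbox category.
    """
    return [name for name, fn in inspect.getmembers(cls, inspect.isfunction)
            if not name.startswith("_") and not hasattr(fn, "capability")]


def denied(fn, *args):
    """True if calling fn(*args) is refused by the sandbox."""
    try:
        fn(*args)
    except SandboxViolation:
        return True
    return False


if __name__ == "__main__":
    tree = {"/": ["tmp"], "/tmp": []}
    open_io = DirIO(Sandbox([Capability.FILESYSTEM]), tree)
    print(open_io.listdir("/"))                     # ['tmp']
    locked_io = DirIO(Sandbox([Capability.NETWORK]), tree)
    print(denied(locked_io.listdir, "/"))           # True
    print(untagged_operations(DirIO))               # []
```

Because the policy names categories and not ops, the sandboxed and unsandboxed objects run the same method bodies; only the `Sandbox` they were constructed with differs, which is the property the message argues for when it prefers restricting "filesystem access" over listing individual operations.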