At 12:03 PM 5/4/2001 +0100, Michael G Schwern wrote:
>Sure, Unix has ulimits, ipchains, quotas,
>etc... but what about the DumbOS's and the AncientOS's?

You'll want to be careful of the epithets there. For this stuff the world 
is really divided into single-user and multi-user OSes. Unix ranks down at 
the bottom of the list in comparison to most of the other multiuser OSes, 
both in terms of what limits can be placed and what tracking and accounting 
data is collected.

Building a good sandbox with resource limits on a VMS system is trivial. I 
expect it may even be easier with IBM's big iron OSes. It's less trivial 
with Unix, but not bad. Beats me on WindowsNT, though I'd bet it's up to 
the task.

The single-user OSes are more problematic. I don't know that MacOS (before 
OS X) provides the info we need but as of System 7.x it didn't. Nor Win9x, 
or AmigaOS. (Though for those we can still track memory usage.)

>IMHO that should be the indicator of whether Perl needs to provide a
>particular sandbox feature.  If we leave it up to the OS, how many
>OS's leave no way (or very difficult ways) to do it.  And how
>radically different are the ones which provide it?

Luckily the security sandbox features are all implementable from within 
perl. It's the resource limitation ones that are trickier, especially CPU time.

                                        Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
[EMAIL PROTECTED]                         have teddy bears and even
                                      teddy bears get drunk
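
An added example, not part of the original message: on Unix, the CPU-time limit the message singles out as the tricky one can be left to the kernel by setting a soft `ulimit -t` on a child before it runs the untrusted command. The function name `run_limited` and its verdict strings are assumptions made for this sketch.

```sh
#!/bin/sh
# run_limited CPU_SECONDS CMD [ARGS...]
# Runs CMD in a child process with a soft CPU-time limit and prints a verdict:
#   ok          command exited 0
#   cpu-limit   kernel stopped it with SIGXCPU (limit exceeded)
#   signal:NAME terminated by another signal
#   exit:N      command exited with status N (125 also means the limit
#               could not be set, e.g. the hard limit is lower)
run_limited() {
    cpu_secs=$1
    shift
    status=0
    (
        # Soft limit only: the kernel delivers SIGXCPU when it is exceeded.
        # The limit applies to this subshell and is inherited across exec.
        ulimit -S -t "$cpu_secs" || exit 125
        # Keep the command's own output off stdout, which carries the verdict.
        exec "$@" >&2
    ) || status=$?

    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        # Statuses above 128 mean "killed by signal"; kill -l maps to a name.
        sig=$(kill -l "$status" 2>/dev/null || echo unknown)
        if [ "$sig" = "XCPU" ]; then
            echo cpu-limit
        else
            echo "signal:$sig"
        fi
    else
        echo "exit:$status"
    fi
}

# Constructed demonstration: a busy loop given one second of CPU time.
run_limited 1 sh -c 'while :; do :; done'
```

The limit counts CPU seconds consumed, not wall-clock time, so a sleeping process is not affected by it.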
