[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Profiles/manifests-related command line interface enhancements
From: |
Andy Wingo |
Subject: |
Re: Profiles/manifests-related command line interface enhancements |
Date: |
Tue, 12 Nov 2019 09:55:27 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
On Sun 10 Nov 2019 10:36, Konrad Hinsen <address@hidden> writes:
> One direction could be to add a sandboxing feature to Guile, which would
> be nice-to-have for other uses as well if Guile is to become a
> general-purpose systems scripting language. There are some interesting
> ideas in shill (http://shill.seas.harvard.edu/) for this scenario.
I wrote this for that purpose:
https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html
However I can't recommend it as a robust security layer because of the
weaknesses in the heap allocation limit; discussed in the page above.
I agree that Shill has some great patterns that go beyond what Guile or
Guix has, and that adopting some of them is a really interesting idea
:-)
I admit that I was a bit depressed at the impact that Spectre et al has
had on language-level sandboxing abstractions :-( and haven't much
pursued this line since then. In practice Guix's "containerized" build
jobs are much more effective than in-language barriers.
Cheers,
Andy
- Re: Profiles/manifests-related command line interface enhancements, (continued)
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/07
- Re: Profiles/manifests-related command line interface enhancements, Ludovic Courtès, 2019/11/06
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/07
- Re: Profiles/manifests-related command line interface enhancements, Pierre Neidhardt, 2019/11/07
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/07
- Re: Profiles/manifests-related command line interface enhancements, Pierre Neidhardt, 2019/11/07
- Re: Profiles/manifests-related command line interface enhancements, Ludovic Courtès, 2019/11/09
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/10
- A better XML, config is code (was Re: Profiles/manifests-related command line...), Giovanni Biscuolo, 2019/11/11
- Re: A better XML, config is code (was Re: Profiles/manifests-related command line...), Konrad Hinsen, 2019/11/13
- Re: Profiles/manifests-related command line interface enhancements,
Andy Wingo <=
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/12
- Re: Profiles/manifests-related command line interface enhancements, Bengt Richter, 2019/11/13
- Re: Profiles/manifests-related command line interface enhancements, Ludovic Courtès, 2019/11/16
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/17
- Re: Profiles/manifests-related command line interface enhancements, zimoun, 2019/11/18
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/19
- Re: Profiles/manifests-related command line interface enhancements, Ludovic Courtès, 2019/11/23
- Re: Profiles/manifests-related command line interface enhancements, Konrad Hinsen, 2019/11/25
- On DSLs, Ludovic Courtès, 2019/11/26
- Re: Profiles/manifests-related command line interface enhancements, Hartmut Goebel, 2019/11/11