Does anyone have any rumours, speculation, knowledge (that they are prepared to share) or pointers on what sort of tainting mechanisms are being considered for P6?

Will it be minimalist as now, relying on the coder to do the sensible thing, or is there any intention to incorporate a Safe-type opcode control, or anything resembling the Java-style policies?

I realise that there are some who know the actual state of play on this but are probably unprepared to talk about it yet, though even some hints as to what has been discounted would be useful.
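As an added illustration of the "minimalist as now" mechanism the question contrasts against, here is what Perl 5's taint mode looks like in practice. This is example code added here, not from the thread or from any Perl 6 design; it assumes perl 5.10 or later (for the `//` operator) and the core Scalar::Util module.

```perl
#!/usr/bin/perl -T
# Added illustration of Perl 5 taint mode (the "minimalist as now" mechanism
# the question refers to); not code from this thread. Assumes perl 5.10+
# (for //) and Scalar::Util, which ships with core perl.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, perl refuses to run external commands until the environment it
# would inherit is clean; these assignments come from literals, so untainted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Anything from outside the program (@ARGV, %ENV, STDIN, files) is tainted.
my $name = $ARGV[0] // 'world';   # the literal default is untainted, argv is not
printf "input %-12s tainted=%s\n", "'$name'", tainted($name) ? 'yes' : 'no';

# Tainted data may be used freely in computation, but any "dangerous" op
# (system, exec, backticks, open for writing, unlink, ...) dies with
# "Insecure dependency in system while running with -T switch".
# system('echo', $name);  # would die when $name comes from @ARGV

# The only sanctioned way to untaint is a regex capture: the programmer,
# not the interpreter, decides what is safe. A capture of /(.*)/ would also
# untaint, and is the classic way to defeat the whole mechanism.
my ($clean) = $name =~ /\A([\w.-]{1,32})\z/
    or die "refusing unsafe input '$name'\n";
printf "clean %-12s tainted=%s\n", "'$clean'", tainted($clean) ? 'yes' : 'no';

# Now permitted: every piece of the command derives from untainted values.
system('echo', "hello, $clean") == 0
    or die "echo failed with status $?\n";
```

Run it as `perl -T taint_demo.pl 'bob'` (perl insists that -T appear on the command line as well as the #! line). Try `'bob; rm -rf /'` to see the untainting regex refuse the input. The point the question is making is visible here: taint mode tracks provenance and blocks a fixed list of operations, but what counts as "clean" is entirely up to the programmer's regex.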

Re: Perl 6 Tainting
by Elian (Parson) on May 12, 2003 at 14:43 UTC
    I'm not sure what the syntax for perl 6's security model will look like, but the planned capabilities and semantics have been hashed out, more or less. They include:
    1. Data tainting and taint checking
    2. Quotas
    3. Restricted capability interpreters. (More or less safe mode)
    4. Fine-grained privileges when running in a restricted interpreter
    At some point we need to sit down and hash out something in more detail, but for right now that's at least the feature list.

      Quotas

      I don't understand this one, could you please explain what the quotas are for?

      Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

        The quotas are there so you can specify how much memory, CPU time, IO, or events a program running in safe mode is allowed to use. Useful for running untrusted code to prevent, or at least deter, denial of service attacks.

      Thanks. A follow-on question: the restricted interpreters.

      Is this/are these a mode or modes of the one interpreter, if so how are the modes to be controlled? Configuration file, CLI switches, pragmas?

      Physically separate interpreter binaries?

      Separate interpreter(s) selected by compile-time options?

      What support, if any, is required from the Parrot engine to support them?

        For quotas, you'll probably need to create a new interpreter to run the quota'd code, plus the permission to actually create a new interpreter. It may be possible to temporarily drop into a piece of code and impose quotas on it without a new interpreter, though once that code exited the quotas would go away. Might be sufficient for one-shot usage.

        The rest of the stuff--security, tainting, permissions--probably won't need to have a separate interpreter, at worst needing to drop into another runloop temporarily.

        In no case will you need a separate binary, unless you've hacked the heck out of the stock source distribution. A proper safe mode will ship as part of the standard distribution.
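The restricted-interpreter and quota ideas in the reply above have a Perl 5 analogue that shows the shape of the thing: a Safe.pm compartment gives a separate namespace plus an opcode mask (the "Safe-type opcode control" from the question), and alarm() can serve as a crude wall-clock quota. This is example code added here, not from the thread and not a description of any Perl 6 or Parrot implementation; it assumes core Safe.pm and a platform with alarm(). Note what it does not do: alarm() caps elapsed time only, not memory or I/O, which is exactly the gap the quota feature is meant to close.

```perl
#!/usr/bin/perl
# Added illustration, not code from this thread: the Perl 5 analogue of the
# "restricted interpreter" and "quota" ideas. Safe.pm gives a compartment with
# its own namespace and an opcode mask; alarm() is a crude wall-clock quota.
# Assumes core Safe.pm and a platform with alarm().
use strict;
use warnings;
use Safe;

# Compile and run an untrusted string inside a compartment, with a time budget.
# Returns a hashref: { ok => 1, value => ... } or { ok => 0, error => ... }.
sub run_untrusted {
    my ($code, $seconds) = @_;

    # The default opset (:default) already denies open, system, backticks,
    # fork, unlink and friends; share nothing, so the code sees only its own names.
    my $cpt = Safe->new;

    my ($result, $err);
    my $finished = eval {
        local $SIG{ALRM} = sub { die "quota exceeded (${seconds}s wall clock)\n" };
        alarm $seconds;
        $result = $cpt->reval($code);   # reval traps dies, including the alarm's
        $err    = $@;
        alarm 0;
        1;
    };
    alarm 0;                            # never leave a pending alarm behind

    return { ok => 0, error => $@   } unless $finished;   # died outside reval
    return { ok => 0, error => $err } if $err;            # trapped op, syntax error, or quota
    return { ok => 1, value => $result };
}

# Constructed inputs: a benign computation, an attempt to read a file,
# and a busy loop that should exhaust the quota.
my @jobs = (
    [ 'sum 1..10',        'my $s = 0; $s += $_ for 1 .. 10; $s',                       2 ],
    [ 'read /etc/passwd', 'open my $fh, "<", "/etc/passwd" or die $!; scalar <$fh>',  2 ],
    [ 'busy loop',        '1 while 1',                                                 1 ],
);

for my $job (@jobs) {
    my ($label, $code, $budget) = @$job;
    my $r = run_untrusted($code, $budget);
    printf "%-18s %s\n", $label,
        $r->{ok} ? "ok: $r->{value}" : "refused: $r->{error}";
}
```

The first job returns 55; the second is rejected at compile time by the opcode mask ("'open' trapped by operation mask"), which is the restricted-interpreter half; the third is killed after one second by the alarm, the quota half. Because the compartment's mask is enforced when the string is compiled, there is no way for the untrusted code to reach `open` by spelling it differently, but the alarm is only a stopgap: a `1 x 1e9` inside the compartment would exhaust memory long before it exhausted the clock.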

Re: Perl 6 Tainting
by diotalevi (Canon) on May 12, 2003 at 13:40 UTC

    I recall there was some discussion long, long ago that it would support Capabilities. I figure this is related, so I'm chucking this in here as well.