in reply to Perl 6 Tainting

I'm not sure what the syntax for perl 6's security model will look like, but the planned capabilities and semantics have been hashed out, more or less. They include:
  1. Data tainting and taint checking
  2. Quotas
  3. Restricted capability interpreters. (More or less safe mode)
  4. Fine-grained privileges when running in a restricted interpreter
At some point we need to sit down and hash out something in more detail, but for right now that's at least the feature list.

Re: Re: Perl 6 Tainting
by Juerd (Abbot) on May 12, 2003 at 15:10 UTC

    Quotas

    I don't understand this one, could you please explain what the quotas are for?

    Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

      The quotas are there so you can specify how much memory, CPU time, IO, or events a program running in safe mode is allowed to use. Useful for running untrusted code to prevent, or at least deter, denial of service attacks.
Re: Re: Perl 6 Tainting
by Anonymous Monk on May 13, 2003 at 02:11 UTC

    Thanks. A follow-on question: the restricted interpreters.

    Is this/are these a mode or modes of the one interpreter, if so how are the modes to be controlled? Configuration file, CLI switches, pragmas?

    Physically separate interpreter binaries?

    Compilably separated interpreter(s) controlled by compile-time options?

    What, if any, support is required by the parrot engine to support them?

      For quotas, you'll probably need to create a new interpreter to run the quota'd code, plus the permission to actually create a new interpreter. It may be possible to temporarily drop into a piece of code and impose quotas on it without a new interpreter, though once that code exited the quotas would go away. Might be sufficient for one-shot usage.

      The rest of the stuff--security, tainting, permissions--probably won't need to have a separate interpreter, at worst needing to drop into another runloop temporarily.

      In no case will you need a separate binary, unless you've hacked the heck out of the stock source distribution. A proper safe mode will ship as part of the standard distribution.