Sam Mason wrote:
> On Thu, May 27, 2010 at 11:09:26PM -0400, Tom Lane wrote:
>
>> David Fetter <david@fetter.org> writes:
>>
>>> I don't know about a *good* idea, but here's the one I've got.
>>>
>>> 1. Make a whitelist. This is what needs to work in order for a
>>> language to be a fully functional trusted PL.
>>>
>> Well, I pretty much lose interest right here, because this is already
>> assuming that every potentially trusted PL is isomorphic in its
>> capabilities.
>>
>
> That's not normally a problem. The conventional way would be to place
> the interpreter in its own sandbox, similar to how Chrome has each tab
> running in its own process. These processes are protected in a way
> so that the code running inside them can't do any harm--e.g. a ptrace
> jail[1]. This is quite a change from existing pl implementations, and
> present a different set of performance/compatibility issues.
>
>
I have my own translation of this last sentence.
cheers
andrew