[clug] Process sandboxing

Kevin Pulo kev at pulo.com.au
Mon Jul 18 05:59:52 MDT 2011


On Fri, Jul 15, 2011 at 01:39:24PM +1000, Peter Barker wrote:

> On Thu, 14 Jul 2011, jm wrote:
> 
> >scripts to a server for it to run with the only way to communicate
> >out being via functions I provide. It seems all the most common
> >scripting languages make it nearly impossible to easily
> >remove/limit functionality from the language. So the overhead of
> >going that way would be a killer most likely
> 
> Perl's Safe?  I've used it quite happily and does what you seem to
> describe here.

It occurred to me that Tcl might fit this bill nicely, too.  You can
set up slave interpreters, and it's very easy to delete or wrap/adjust
any commands, including native ones.  It looks like Safe-Tcl (which
comes with Tcl) is already geared towards the idea of running
semi-trusted scripts in a sandboxed kind of way.

Kev

-- 
Kevin Pulo
kev at pulo.com.au
http://www.kev.pulo.com.au/
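
The approach suggested in the message above, as an added example that is not part of the original post: a safe slave interpreter whose only route out is one command provided by the host. It assumes Tcl 8.5 or later; the names `host_emit`, `emit`, `run_untrusted` and the sample scripts are hypothetical.

```tcl
# Added example; sandbox layout and all names here are hypothetical.
set ::collected {}

# Host-side command: the only way for sandboxed code to communicate out.
# Its argument comes from untrusted code, so validate it.
proc host_emit {msg} {
    if {[string length $msg] > 256} {
        error "message too long"
    }
    lappend ::collected $msg
    return ok
}

proc run_untrusted {script} {
    # -safe hides exec, open, socket, file, source, load, exit and similar.
    set sb [interp create -safe]
    # Delete a native command that a safe interpreter still exposes.
    interp eval $sb {rename after {}}
    # Expose one host command inside the sandbox under the name "emit".
    interp alias $sb emit {} host_emit
    # Cap the number of commands the script may evaluate.
    interp limit $sb command -value 10000
    set code [catch {interp eval $sb $script} result]
    interp delete $sb
    return [list $code $result]
}

# Constructed sample scripts standing in for submitted code.
foreach script {
    {emit "sum=[expr {2 + 3}]"}
    {exec id}
    {open /etc/passwd r}
    {emit [string repeat x 1000]}
    {proc spin {} {}; while 1 {spin}}
} {
    lassign [run_untrusted $script] code result
    puts [format "%-40s -> code=%d %s" $script $code $result]
}
puts "collected by host: $::collected"
```

Each script gets a fresh interpreter that is deleted afterwards, so state set by one submission is not visible to the next.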