[clug] Process sandboxing

Kevin Pulo kev at pulo.com.au
Mon Jul 18 05:59:52 MDT 2011

On Fri, Jul 15, 2011 at 01:39:24PM +1000, Peter Barker wrote:

> uOn Thu, 14 Jul 2011, jm wrote:
> >scripts to a server for it to run with the only way to communicate
> >out being via functions I provide. It seems all the most common
> >scripting languages make it nearly impossible to easily
> >remove/limit functionality from the language. So the overhead of
> >going that way would be a killer most likely
> Perl's Safe?  I've used it quite happily and does what you seem to
> describe here.

It occurred to me that Tcl might fit this bill nicely, too.  You can
setup slave interpreters, and it's very easy to delete or wrap/adjust
any commands, including native ones.  It looks like Safe-Tcl (which
comes with Tcl) is already geared towards the idea of running
semi-trusted scripts in a sandboxed kind of way.


Kevin Pulo
kev at pulo.com.au
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/linux/attachments/20110718/52cf89de/attachment.pgp>

More information about the linux mailing list