[SEMI-OT] Programming Languages Will Become OSes (But Are Not Quite Yet)

Saw this article/talk mentioned on /.
“Programming Languages Will Become OSes (But Are Not Quite Yet)”

The author discusses (among other things) Perl, Python, and Ruby.

http://www.osnews.com/printer.php?news_id=2548

James Britt
http://www.jamesbritt.com
http://www.rubyxml.com
http://www.ruby-doc.org

Hi.

JamesBritt wrote in comp.lang.ruby:

“Programming Languages Will Become OSes (But Are Not Quite Yet)”
The author discusses (among other things) Perl, Python, and Ruby.

Interesting article.

It would have been nice to see him look at FORTH as well,
the archetypal language-OS.

-mark. (beating the drum again … :wink:

"Programming Languages Will Become OSes (But Are Not Quite Yet)"

From the article

Conclusion: Perl has some sort of sandbox, but it works at the compilation
step only. It's not very flexible and it's not very useful. Perl is also
monolithic and many functions are built into the interpreter. Thus, it is
harder to isolate functionalities.

I like the "some sort of sandbox" :frowning: Apparently it don't know the
problem.

Conclusion: Python has a nice and simple security model. However, rexec
cannot do all kinds of isolation that one might need, like resource
limiting. Guido once also said that rexec is not tested enough and it might
contain security holes.

See the last announcement about rexec

Conclusion: Ruby doesn't have a sandbox (yet).

The P languagues can try to do what I do with PL/Ruby

The author discusses (among other things) Perl, Python, and Ruby.

The author don't seems to know well these languages, particulary the
security part.

Guy Decoux

Would you care to elaborate on what you do from a security/sandboxing
standpoint? I’m interested in this but don’t use Postgres or PL/Ruby.

Thanks,

Robert Feldt

···

On Sat, 18 Jan 2003, ts wrote:

Conclusion: Ruby doesn’t have a sandbox (yet).

The P languagues can try to do what I do with PL/Ruby

Would you care to elaborate on what you do from a security/sandboxing

In english, no :-))

standpoint? I'm interested in this but don't use Postgres or PL/Ruby.

What I wanted to say is that you can define some sandbox or security
models but if you can't (or don't) want to make it secure, you have just a
big security problem.

Guy Decoux

ts wrote:

Would you care to elaborate on what you do from a security/sandboxing
In english, no :-))

i admit i never use PL/Ruby, but am i correct to say that the main
security mechanism utilized is $SAFE==4? or is there any other major
tricks going on? can PL/Ruby do resource limiting by its own (not from
the OS)?

btw, from [2494] i somehow get the impression that there is $SAFE > 4.
is it true? what do $SAFE==5, 6, etc. mean?

···


dave

i admit i never use PL/Ruby, but am i correct to say that the main
security mechanism utilized is $SAFE==4? or is there any other major

When you use plruby, this is like if you begin all your scripts with

  #!/usr/bin/ruby -T4

tricks going on? can PL/Ruby do resource limiting by its own (not from
the OS)?

No, this is a more complex problem, see the mailing list of PostgreSQL to
know why.

Guy Decoux

Lisp used to be an OS, in fact Lisp was the Machine Code. Recall Lisp
Machines? Those were the days.

Lisp, by the way is my LOTY. i’ve studied it before but never did any coding
in it. this time i will at least write some toy scripts. perhaps see how well
Ruby and Lisp (and YAML) can play together.

-transami