[REBOL] Re: A REBOL challenge - The Information World
From: james:mustard at: 5-Dec-2001 23:23
On further consideration REBOL is perhaps not the safest choice of language
for this sort of project as there are lots of security issues involved due
to its self-modifying abilities.
In theory it would be rather simple to create a P2P agent world with REBOL
but in practice you would have to severely limit the freedoms of the agents
involved - almost to the point of re-writing the language. Let me give you
some scenarios as an example:
An agent is sent from one zone to another - is scanned by a sentinel for ???
The agent is then activated - at which point it begins to execute itself
(assuming some sort of rate timer).
If the agent posesses a physical face the possibility of malicious code is a
very real threat - an agent could bring down an entire node by just
accessing self/parent-face/... etc and deleting nodes.
Other more insidious behaviours could also be initiated where an agent
overwrites global functions and replaces them with its own ones,
eg an agent re-writes the parse function, or the show function, etc. These
behaviours become almost impossible to prevent by a Sentinel as an agent
could (due to the power of REBOL) just hide command strings in an encrypted
format and then decompress and run them with a little remold, do etc..
The only way to guarentee that none of this behaviour (from what I know of
REBOL so far) is to either NEVER let an agent become autonomous to the point
of being allowed to execute, to use non-changable templates for all agents
that are checksummed for validity (this limits AI learning etc), or to never
open up your local nodes to the rest of the world which kind of defeats the
purpose of the exercise.
IMHO the only truly safe way to ensure proper security would be to have the
environment shell in a separate language that cannot be modified by rebol
agents directly except in predefined ways- thus limiting self expansion or
remote modification of nodes.
Just my 5c :)