Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: A REBOL challenge - The Information World

From: james:mustard at: 5-Dec-2001 23:23

Hi Gabriele, On further consideration REBOL is perhaps not the safest choice of language for this sort of project as there are lots of security issues involved due to its self-modifying abilities. In theory it would be rather simple to create a P2P agent world with REBOL but in practice you would have to severely limit the freedoms of the agents involved - almost to the point of re-writing the language. Let me give you some scenarios as an example: An agent is sent from one zone to another - is scanned by a sentinel for ??? The agent is then activated - at which point it begins to execute itself (assuming some sort of rate timer). If the agent posesses a physical face the possibility of malicious code is a very real threat - an agent could bring down an entire node by just accessing self/parent-face/... etc and deleting nodes. Other more insidious behaviours could also be initiated where an agent overwrites global functions and replaces them with its own ones, eg an agent re-writes the parse function, or the show function, etc. These behaviours become almost impossible to prevent by a Sentinel as an agent could (due to the power of REBOL) just hide command strings in an encrypted format and then decompress and run them with a little remold, do etc.. The only way to guarentee that none of this behaviour (from what I know of REBOL so far) is to either NEVER let an agent become autonomous to the point of being allowed to execute, to use non-changable templates for all agents that are checksummed for validity (this limits AI learning etc), or to never open up your local nodes to the rest of the world which kind of defeats the purpose of the exercise. IMHO the only truly safe way to ensure proper security would be to have the environment shell in a separate language that cannot be modified by rebol agents directly except in predefined ways- thus limiting self expansion or remote modification of nodes. Just my 5c :) James