[REBOL] Re: A REBOL challenge - The Information World
From: g:santilli:tiscalinet:it at: 7-Dec-2001 12:01
James Marsden wrote:
> On further consideration REBOL is perhaps not the safest choice of language
> for this sort of project as there are lots of security issues involved due
> to its self-modifying abilities.
If you take the SECURE function into consideration, you'll see
that you can be pretty secure; also, the implementation might use
a custom dialect for agents (especially tourists), so that the
amount of risk can be reduced to almost zero. (I'm quite sure the
IW can be made much more secure than Outlook, for example. ;)
> An agent is sent from one zone to another - is scanned by a sentinel for ???
The sentinel might try to find information from the sentinel on
the other side. If the sentinel on the other side says: "This
agent was written by my user, so you can trust it if you trust my
user", it may decide to let the sentinel in and give it permission
to access some of the objects in the bank, or give it a
certificate that allows it to be identified by the other residents
and tourists.
The implementation will need either to address all the issues, or
simply run agents in a very restricted environment, where they
cannot access the filesystem etc.
> eg an agent re-writes the parse function, or the show function, etc. These
> behaviours become almost impossible to prevent by a Sentinel as an agent
On the contrary, protecting the system and unsetting unprotect
might be enough. Or even not letting the agents access system/words,
or resetting system/words at each call (code for doing all of this
has been posted to this list in the past).
> IMHO the only truly safe way to ensure proper security would be to have the
> environment shell in a separate language that cannot be modified by rebol
I respectfully disagree. :)
Regards,
Gabriele.
--
Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer
Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/