From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Arbitrary Sandbox
Date: Tue, 21 Feb 2012 09:36:41 +0100
Date: 2012-02-21T09:36:41+01:00 [thread overview]
Message-ID: <1fkgdlidn0v80$.kjvkmk7y29vo$.dlg@40tude.net> (raw)
In-Reply-To: wccvcn1nl0x.fsf@shell01.TheWorld.com
On Mon, 20 Feb 2012 18:27:10 -0500, Robert A Duff wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>
>> On Sat, 18 Feb 2012 13:55:48 -0500, Robert A Duff wrote:
>>
>>> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>>>
>>>> I wonder what kind of architecture could require a safe implementation of
>>>> Ada, e.g. when private parts of packages and protected objects would be
>>>> mapped onto the memory physically inaccessible from public contexts.
>>>
>>> The kind of architecture that is overly complicated
>>> and grossly inefficient. Imagine a private type with
>>> discriminants. The discriminant of each object is visible
>>> to clients; other components are not. Or imagine a private
>>> extension of a (visible) record extension. What about the
>>> fact that some portion (not all) of a child package has
>>> visibility on the private part (but not the body) of the
>>> parent package?
>>>
>>> Why do work at run time that can be done at compile time?
>>
>> Because it cannot (in presence of Unchecked_Conversion and similar stuff).
>
> If U_C etc. causes trouble, use Java. Or use a subset of Ada that
> doesn't allow such features. I really can't imagine a sensible way to
> use such features and check them at run time.
Of course there is. Do you remember the last time U_C crashed Windows or
Linux?
>>> Implementing things in hardware doesn't magically make
>>> them free.
>>
>> It makes them incomputable. In a secure environment you wanted certain
>> things to become incomputable for non-trusted clients, e.g. reading user
>> passwords.
>
> Sure, but Ada's visibility features (private types and the like)
> are not designed for security.
Yes, but they could be a good start. (If there were any interest. No need
to tell that there is none)
> Use other means for that (like protection based on paging).
That is low-level and inherently based on pointers.
>>> Putting high-level support for higher-level languages in hardware
>>> has been tried a number of times, and it's always been a bad idea.
>>
>> Maybe so. But this is a different case, because memory protection and
>> segmentation support is already there. Why no high-level language uses it?
>
> You mean "already there" in 386/pentium? Languages don't use it because
> it's inefficient, and because whatever segmentation can do can be done
> better by some combination of software and paging.
That was my point. There is a disconnect in the designs of the hardware and
higher level languages. You said it must be so. I disagree. There is no
other reason for that than the dark ages we are living at. Nobody invests
anything in serious language, OS, hardware design.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2012-02-21 8:36 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 23:47 Arbitrary Sandbox Rob Shea
2012-02-10 0:10 ` Rob Shea
2012-02-10 2:01 ` Tez
2012-02-10 2:21 ` Rob Shea
2012-02-10 2:47 ` Tez
2012-02-10 4:11 ` Shark8
2012-02-13 2:23 ` BrianG
2012-02-10 4:17 ` tmoran
2012-02-10 4:41 ` Rob Shea
2012-02-10 6:15 ` Jeffrey Carter
2012-02-10 6:18 ` Rob Shea
2012-02-10 19:39 ` Jeffrey Carter
2012-02-10 6:19 ` Thomas Løcke
2012-02-10 9:32 ` Rob Shea
2012-02-10 10:09 ` Thomas Løcke
2012-02-10 11:39 ` Ludovic Brenta
2012-02-10 12:05 ` Brian Drummond
2012-02-11 10:32 ` Maciej Sobczak
2012-02-11 11:39 ` Dmitry A. Kazakov
2012-02-11 21:15 ` Maciej Sobczak
2012-02-11 21:38 ` Dmitry A. Kazakov
2012-02-11 23:05 ` Rob Shea
2012-02-13 2:10 ` Tez
2012-02-13 9:08 ` Yannick Duchêne (Hibou57)
2012-02-13 16:28 ` Pascal Obry
2012-02-10 9:47 ` Georg Bauhaus
2012-02-10 11:45 ` Erich
2012-02-10 11:48 ` Ludovic Brenta
2012-02-11 6:11 ` Rob Shea
2012-02-12 2:10 ` Randy Brukardt
2012-02-12 8:40 ` björn lundin
2012-02-14 0:26 ` Shark8
2012-02-15 21:07 ` Randy Brukardt
2012-02-15 22:10 ` Yannick Duchêne (Hibou57)
2012-02-18 4:47 ` Shark8
2012-02-18 8:26 ` Dmitry A. Kazakov
2012-02-18 10:45 ` Yannick Duchêne (Hibou57)
2012-02-18 11:31 ` Dmitry A. Kazakov
2012-02-18 11:58 ` Niklas Holsti
2012-02-18 12:57 ` Yannick Duchêne (Hibou57)
2012-02-18 18:55 ` Robert A Duff
2012-02-18 19:24 ` Niklas Holsti
2012-02-18 20:06 ` tmoran
2012-02-18 21:53 ` Niklas Holsti
2012-02-18 22:58 ` Robert A Duff
2012-02-19 0:47 ` tmoran
2012-02-20 23:39 ` Robert A Duff
2012-02-21 3:29 ` tmoran
2012-02-21 17:17 ` tmoran
2012-02-21 21:03 ` Robert A Duff
2012-03-06 0:52 ` Randy Brukardt
2012-02-20 22:52 ` Adam Beneschan
2012-02-18 23:03 ` BrianG
2012-02-19 8:45 ` Dmitry A. Kazakov
2012-02-20 23:27 ` Robert A Duff
2012-02-21 8:36 ` Dmitry A. Kazakov [this message]
2012-02-21 9:59 ` Simon Wright
2012-02-21 10:59 ` Dmitry A. Kazakov
2012-02-21 17:25 ` Robert A Duff
2012-02-21 18:53 ` Dmitry A. Kazakov
2012-02-21 21:19 ` Robert A Duff
2012-02-22 8:24 ` Dmitry A. Kazakov
2012-02-21 21:25 ` Yannick Duchêne (Hibou57)
2012-02-22 8:26 ` Dmitry A. Kazakov
2012-02-21 8:47 ` Georg Bauhaus
2012-02-21 16:58 ` Robert A Duff
2012-03-06 1:06 ` Randy Brukardt
2012-03-07 5:43 ` Yannick Duchêne (Hibou57)
2012-03-07 13:05 ` Robert A Duff
2012-03-07 19:32 ` tmoran
2012-03-07 20:24 ` Dmitry A. Kazakov
2012-03-08 0:50 ` Robert A Duff
2012-03-08 1:50 ` tmoran
2012-03-08 11:01 ` Brian Drummond
2012-03-08 1:01 ` Shark8
2012-03-08 1:33 ` Randy Brukardt
2012-02-20 20:52 ` Tero Koskinen
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox