Ecru
Remember how I was talking about restricted execution, and mentioned that thing "Monte" that doesn't actually exist? Well actually I was trying to refer to Ecru, a new E implementation in C. After being announced to positive reactions on the E mailing list, Allen posted on his blog about Ecru and why he started the project.
I'm excited about this project. E is a language which is specifically designed to solve the types of problems that I want to solve, but Ecru has a long way to go until it gets there. I hope it gets more contributors!
As for Lua: I do think it's feasible for some serious restricted execution work (or at least I think it might be - I haven't really proven it yet), but I'd much prefer Ecru, because E is so much more sensible a language.
2 comments:
hi,
very cool :)
Also note, that work has been going on with tinypy.org
It's not finished yet, but already there is work going on with verification of byte code, memory restrictions, cpu restrictions, sandboxing, lots of test cases to prove correctness etc.
Also the code is still being kept quite small(tiny). So future audits should be able to be completed in a fairly small amount of time.
No OS level limits have been put in yet, but hopefully they should be added too... for another layer of protection.
The main problem with tinypy is... it's still python. Which most importantly means, no encapsulation. Sandboxing means you can protect the rest of your system from the sandboxed code, but without encapsulation there's no way for objects to be protected from each other.
Post a Comment