I was wondering the other day -- how did Lisp Machine (users) deal with
executing code from untrusted sources? Did they have some sort of
sandbox mechanism, or was it never an issue? I can't imagine them
reading every single line of code someone emailed/handed them on a
tape/etc before running it.
In article <························@m58g2000cwm.googlegroups.com>,
"Faried Nawaz" <······@gmail.com> wrote:
> I was wondering the other day -- how did Lisp Machine (users) deal with
> executing code from untrusted sources? Did they have some sort of
> sandbox mechanism, or was it never an issue? I can't imagine them
> reading every single line of code someone emailed/handed them on a
> tape/etc before running it.
They didn't deal with it at all. This was a much simpler time, before
the days when anyone could get on the Internet. We pretty much knew and
trusted each other, like small towns of the past where there were no
locks on the doors and kids could roam free without constant parental
supervision.
--
Barry Margolin, ······@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
Barry Margolin wrote:
> In article <························@m58g2000cwm.googlegroups.com>,
> "Faried Nawaz" <······@gmail.com> wrote:
>
>> I was wondering the other day -- how did Lisp Machine (users) deal with
>> executing code from untrusted sources? Did they have some sort of
>> sandbox mechanism, or was it never an issue? I can't imagine them
>> reading every single line of code someone emailed/handed them on a
>> tape/etc before running it.
>
> They didn't deal with it at all. This was a much simpler time, before
> the days when anyone could get on the Internet. We pretty much knew and
> trusted each other, like small towns of the past where there were no
> locks on the doors and kids could roam free without constant parental
> supervision.
>
...and soap windows and blow up mailboxes and shoot each other with BB
guns. Damn Internet spoiled everything :)
> Barry Margolin wrote:
> > In article <························@m58g2000cwm.googlegroups.com>,
> > "Faried Nawaz" <······@gmail.com> wrote:
> >
> >> I was wondering the other day -- how did Lisp Machine (users) deal with
> >> executing code from untrusted sources? Did they have some sort of
> >> sandbox mechanism, or was it never an issue? I can't imagine them
> >> reading every single line of code someone emailed/handed them on a
> >> tape/etc before running it.
This is a good general question -- I think I recall that Python had a
sandbox but it was removed from 2.4 (2.5?) because there were security
holes.
My favorite example of a "sandbox" (not quite, but the idea is similar)
is Valgrind (valgrind.org), which is an x86 emulator that traps memory
bugs. It's mainly meant for C programs as it reads debug symbols in
the executable.
I'm guessing a CL sandbox would just be a CL running within a CL; it
would have its own symbol namespace and could check instructions for
security before applying them. The problem is, once you allow an FFI
in the sandbox, you basically need a sandbox for binaries too!
Maybe the right solution is a virtual machine?
mfh
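
The design guessed at in the last post (a separate symbol namespace plus a check on each form before it is applied), sketched as an added example that is not part of the thread. The `SANDBOX` package, `*allowed-operators*`, `read-untrusted`, `safe-eval` and `try` are hypothetical names, and the accepted language is assumed to be integer arithmetic only.

```lisp
;;; Added example, not code from the thread. All names here are hypothetical.
(defpackage :sandbox (:use))          ; inherits nothing, not even CL

(defparameter *allowed-operators*
  '(("+" . +) ("-" . -) ("*" . *) ("<" . <) ("=" . =))
  "Sandbox operator name -> host function. Anything not listed is refused.
Adding an FFI entry point here would end the containment.")

(defun read-untrusted (string)
  "Read one form with #. disabled; unqualified symbols land in SANDBOX."
  (let ((*read-eval* nil)
        (*package* (find-package :sandbox)))
    (values (read-from-string string))))

(defun safe-eval (form &optional (depth 0))
  "Evaluate FORM only if every operator is a whitelisted SANDBOX symbol."
  (when (> depth 100)
    (error "form is nested too deeply"))
  (cond ((integerp form) form)
        ((and (consp form) (symbolp (car form)) (list-length form))
         (let* ((op (car form))
                ;; A qualified symbol such as cl:load reads fine, but its
                ;; home package is not SANDBOX, so it never reaches APPLY.
                (entry (and (eq (symbol-package op) (find-package :sandbox))
                            (assoc (symbol-name op) *allowed-operators*
                                   :test #'string=))))
           (unless entry
             (error "operator ~S is not permitted" op))
           (apply (cdr entry)
                  (mapcar (lambda (arg) (safe-eval arg (1+ depth)))
                          (cdr form)))))
        (t (error "only integers and operator calls are permitted"))))

(defun try (string)
  "Return the value, or the refusal message, for one constructed input."
  (handler-case (safe-eval (read-untrusted string))
    (error (e) (format nil "refused: ~A" e))))

;; Constructed inputs: one allowed, three refused.
(dolist (input '("(+ 1 (* 2 3))"
                 "(cl:load \"other.lisp\")"
                 "#.(cl:load \"other.lisp\")"
                 "#1=(+ 1 #1#)"))
  (format t "~A => ~A~%" input (try input)))
```

The walker bounds nesting depth but not running time or memory (bignum arithmetic can still grow without limit), so it covers the namespace and form-checking parts of the idea only.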