[cad-linux] Re: File formats - executable data

  • From: Massimiliano Mirra <mmirra@xxxxxxxxx>
  • To: cad-linux@xxxxxxxxxxxxx
  • Date: Mon, 15 Sep 2003 22:45:25 +0200

(I'm back.)

Janek Kozicki <janek@xxxxxxxxxx> writes:
>> >  We have an entire anti-virus industry that only exists because
>> > some software vendors encourage executable code mixed within
>> > documents.
>> It needs to be done with a safe scripting language that can be
>> sand-boxed - Any suggestions?

One above all: don't worry about it.  Reasoning and wondering about
possible future problems takes away much energy that would be better
devoted to implementing real present things.

The simulations we are running in our minds to discuss this are
necessarily based on data coming from previous experiences with
existing systems of various sorts; we are looking forward to a system
of a new sort and we cannot trust our simulations' accuracy, for the
good and the bad.

> mhm... I suppose all scripting languages under Linux are powerful enough
> to delete all files that the user has permission to erase...
>
> heck. I don't know what to do with this problem. perhaps we should rely
> on whole unix-permissions => safety concept  ?

I think we should, at least until it really proves not to be enough.
In the end it is no different than administering a machine and the
programs that get installed; the only risk we could run would be to
create a new profession (the `CADmin') and new job positions. ;-)

> Execute that data in a fakeroot environment?

Yes, executing the data in some fake environment could be an addition to
the usual security infrastructure.  Whatever the means are to support
security, I think they should not have to do with the enforcement of a
particular programming language.  Giving a chance to everyone to
extend the system in their smoothest and easiest way is something I'd
rather not give up.

