(I'm back.)

Janek Kozicki <janek@xxxxxxxxxx> writes:

>> > We have an entire anti-virus industry that only exists because
>> > some software vendors encourage executable code mixed within
>> > documents.
>>
>> It needs to be done with a safe scripting language that can be
>> sand-boxed - Any suggestions?

One above all: don't worry about it. Reasoning and wondering about
possible future problems takes away much energy that would be better
devoted to implementing real present things. The simulations we are
running in our minds to discuss this are necessarily based on data
coming from previous experiences with existing systems of various sorts;
we are looking forward to a system of a new sort and we cannot trust
our simulations' accuracy, for the good and the bad.

> mhm... I suppose all scripting languages under linux are powerful enough
> to delete all files that the user has permission to erase...
>
> heck. I don't know what to do with this problem. perhaps we should rely
> on whole unix-permissions => safety concept ?

I think we should, at least until it really proves not to be enough.
In the end it is no different than administering a machine and the
programs that get installed; the only risk we could run would be to
create a new profession (the `CADmin') and new job positions. ;-)

> Execute that data in a fakeroot environment?

Yes, executing the data in some fake environment could be an addition
to the usual security infrastructure.

Whatever the means are to support security, I think they should not
have to do with the enforcement of a particular programming language.
Giving a chance to everyone to extend the system in their smoothest and
easiest way is something I'd rather not give up.
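The thread asks for "a safe scripting language that can be sand-boxed" for code embedded in documents. As an added illustration that is not part of the original message or of any project discussed in it, the following Python sketch shows one conventional approach: a whitelisting evaluator that parses an expression into an AST and only permits arithmetic, numeric constants, names from a caller-supplied namespace and a handful of functions, so that an expression trying to reach the filesystem (via attribute access, `__import__` or any unlisted call) is rejected before it is ever evaluated. The sample expressions and the parameter names (`radius`, `width`) are constructed for the example.

```python
import ast
import operator

# Constructed example: a minimal whitelisting evaluator for parametric
# expressions such as "2 * radius + 1.5", the kind of formula a document
# might embed. Anything outside the whitelist (attribute access, imports,
# subscripts, calls to arbitrary functions) is refused before evaluation.

ALLOWED_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,  # note: huge exponents are a CPU/memory risk; cap if needed
}
ALLOWED_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
ALLOWED_FUNCS = {"min": min, "max": max, "abs": abs, "round": round}


class UnsafeExpression(ValueError):
    """Raised when an expression uses syntax or names outside the whitelist."""


def _eval(node, names):
    if isinstance(node, ast.Expression):
        return _eval(node.body, names)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.Name):
        # Only names the caller explicitly supplied are visible; no builtins.
        if node.id in names:
            return names[node.id]
        raise UnsafeExpression(f"unknown name {node.id!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in ALLOWED_BINOPS:
        return ALLOWED_BINOPS[type(node.op)](
            _eval(node.left, names), _eval(node.right, names)
        )
    if isinstance(node, ast.UnaryOp) and type(node.op) in ALLOWED_UNARYOPS:
        return ALLOWED_UNARYOPS[type(node.op)](_eval(node.operand, names))
    if (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id in ALLOWED_FUNCS
        and not node.keywords
    ):
        args = [_eval(a, names) for a in node.args]
        return ALLOWED_FUNCS[node.func.id](*args)
    # Attribute access, subscripts, lambdas, comprehensions etc. all land here.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expr, names=None):
    """Evaluate a whitelisted arithmetic expression; raise UnsafeExpression otherwise."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as e:
        raise UnsafeExpression(f"syntax error: {e}") from e
    return _eval(tree, names or {})


def check(expr, names=None):
    """Return (accepted, result) on success or (False, reason) on rejection."""
    try:
        return True, safe_eval(expr, names)
    except UnsafeExpression as e:
        return False, str(e)


if __name__ == "__main__":
    params = {"radius": 4, "width": 5}
    for sample in [
        "2 * radius + 1.5",
        "max(width, 3) ** 2",
        "__import__('os').remove('document.cad')",  # constructed hostile sample
        "(1).__class__",
    ]:
        print(f"{sample!r:45} -> {check(sample, params)}")
```

The point the message makes still stands: a whitelist like this constrains what an embedded formula can do, but it is a complement to, not a replacement for, the operating system's own permission model, which is what ultimately bounds the damage if the interpreter itself has a flaw.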