[prev in list] [next in list] [prev in thread] [next in thread]
List: e-lang
Subject: [e-lang] Q: security implications of monitors, getCurrentThread() and getCurrentVat()
From: Constantine Plotnikov <cap () novosoft ! ru>
Date: 2002-10-27 20:10:04
[Download RAW message or body]
Hi!
1. Are there security risks associated with providing methods
getCurrentThread() and getCurrentVat() method in languages
like E? Returned object is not expected to have functionality
other then informational if it will have any, but it should be usable
as key in maps.
2. Are there security risks associated with weaker forms of the
functionality implemented as classes VatLocal and ThreadLocal?
3. Should be creation of java-like monitor to be protected? In java it is
simply attached to every object. If it is not attached to every object but
created explicitly and considered mutable, then at least communication
over deep frozed objects will be impossible, and this is the only problem
with montors that I currently know. If Vats are implemented over threads
in runtime, then there will be need for some synchonization primitives.
I do not see currently any specific risks, but get current vat is currently
used in async-objects internally and is very hard to avoid due inability to
modify java language. E dodges need for getCurrentVat() in the same place,
but uses getCurrentThread() in several places in implementation, and I
do not
see how it could be avoided (ThreadLocal could be used in those places).
If getCurrentThread is wraped into capability, then E will need such
capability
and if component that want to use E for scripting do have such capaibility,
then it will not be able to use E for scripting. Also E uses
synchronization in
Queue class and if creator of E runtime will not have ability to create
monitors,
then E interpreter written in way similar to one written in Java will
not be
creatable.
Constantine
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic