roxen.lists.pike.general

Subject: More questions: timed thread IPC & Sandboxing
Author: Linda Messerschmidt <linda[dot]messerschmidt[at]gmail[dot]com>
Date: 21-01-2009
I have been playing around Pike some more and I was shocked by how
easy it was to put together the thread basics for my app.  I am pretty
much convinced that this is the way we need to go, especially after my
previous question turned out so well!

I do have a couple of other questions though.

The easier one:

My app needs to do a timed wait between threads... all I want is for
one thread to wait a few seconds for a message that may or may not
arrive from another thread.  If the message doesn't show up, I just
want it to give up rather than sleep forever.  I accidentally coded my
own thread-safe Queue for this before I realized there already was
one, but both sleep forever if the message doesn't arrive. I looked at
setting a timeout with alarm() but since Unix signal delivery isn't
thread-safe, I don't think that will work.  The current C++ version
does this with select().

I'm pretty sure I can find a way to do the equivalent in Pike, but is
there an easy/standard way?

The harder one:

compile_string() will let me let the user do whatever they want, which
is absolutely the goal, but this is just supposed to be a control
language for our modeler, so there's no reason to allow extra
functionality.  At first I thought I could just pull the library
modules I didn't want them to have, but then I realized that I'd need
that stuff for the core of the app.

I don't expect actual maliciousness, but I would like to do what I can
to protect the system from catastrophic user error and casual
prodding.  I don't want to have to clean up if somebody tries to open
a Gtk debug window in a loop that winds up getting called a few
hundred thousand times. :)

Mainly I want to stop them from writing files, creating threads, or
using any windowing/graphical stuff.  Is there any way, however crazy,
to "taint" parts of the program, or put them in a sandbox, and prevent
them from accessing stuff I designate off-limits?  Is this where that
"master" stuff I saw in the discussion archives comes in?  Or is it
just not possible?

Thanks again for any suggestions!

-LM
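A sketch of the timed wait from the first question, added here as an illustration; it is not code from the original post or from the Pike project. It builds a small mailbox on Thread.Mutex and Thread.Condition and assumes a Pike build with thread support in which Thread.Condition()->wait() accepts an optional timeout in seconds (present in 7.8 and later as far as I know; check the Thread.Condition documentation for your version). The class name TimedMailbox, the deadline arithmetic and the message text are made up for the example.

```pike
// Timed wait between two threads: a consumer waits at most `timeout`
// seconds for a message that a producer may or may not deliver, then
// gives up instead of sleeping forever.
// Added example, not from the original post. Assumes Pike 7.8+ with
// thread support, where Thread.Condition()->wait(key, seconds) exists.

class TimedMailbox {
  Thread.Mutex mutex = Thread.Mutex();
  Thread.Condition cond = Thread.Condition();
  array(mixed) messages = ({});

  // Deliver a message and wake one waiter.
  void put(mixed msg) {
    Thread.MutexKey key = mutex->lock();
    messages += ({ msg });
    cond->signal();
    destruct(key);   // destroying the key releases the mutex
  }

  // Wait at most `timeout` seconds. Returns the message, or UNDEFINED
  // if nothing arrived in time. The mutex is released when `key` goes
  // out of scope on return.
  mixed get(float timeout) {
    Thread.MutexKey key = mutex->lock();
    int deadline = gethrtime() + (int)(timeout * 1000000);  // microseconds
    while (!sizeof(messages)) {
      int remaining = deadline - gethrtime();
      if (remaining <= 0)
        return UNDEFINED;
      // wait() can return early (spurious wakeup, or another waiter took
      // the signal), so always re-check the predicate and the deadline
      // rather than trusting a single wait.
      cond->wait(key, remaining / 1000000.0);
    }
    mixed msg = messages[0];
    messages = messages[1..];
    return msg;
  }
}

int main() {
  TimedMailbox box = TimedMailbox();

  // Producer delivers after half a second; the consumer allows two.
  Thread.Thread producer = Thread.Thread(lambda() {
    sleep(0.5);
    box->put("model ready");
  });
  mixed got = box->get(2.0);
  write("first wait returned: %O\n", got);
  producer->wait();

  // Nobody delivers this time; the consumer gives up after 0.3 s.
  got = box->get(0.3);
  write("second wait returned: %O\n", got);
  return 0;
}
```

The point of the loop around cond->wait() is that a condition variable's timed wait is only a hint: it may wake before the deadline without a message being present, so the caller must recompute the remaining time and re-test the queue each pass. That is the same discipline select() imposes in the C++ version, and it avoids the signal-delivery problem alarm() would bring into a threaded program.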