This is the mail archive of the
kawa@sources.redhat.com
mailing list for the Kawa project.
Re: security features for kawa
Thomas Kirk wrote:
I've modified Kawa's classloaders to support annotation of compiled code
to work with the java security manager, so that scheme code may be
subject to runtime permission checking. Given the way code is loaded in
Kawa, this allows very fine-grained sandboxing -- permissions can be
assigned at the granularity of individual functions. In my application,
this has been a useful mechanism for containment of code that is
distributed at runtime, and for controlling resource access by
untrusted code.
Sounds interesting! Not anything I have experience with myself.
I can contribute this functionality back into the Kawa codebase if others
are interested. It would need some additional work to be made ready for
general use, so I'd like to gauge interest before submitting patches.
A requirement is that you document the new functionality.
Perhaps you could do that first (presumably you'd want to do
taht for our own use, anyway), so we can understand what the new
functionality allows. That would make it easier to evaluate
your patches.
I can convert between formats, though a format I don't have to
manually convert is of course preferable. (Currently the documentation
is an incoherent mix of texinfo for the main kawa manual/website;
docbook-xml for the internals manual and some papers; and hand-written
[x]html for other parts, such as the Qexo site. And there's a
little-used wiki site.)
--
--Per Bothner
per@bothner.com http://per.bothner.com/