lua-l archive


Asko Kauppi wrote:
>Imho, this is not a question of Turing-to-or-not but of proper
>sandboxing, right?  I mean, if there's absolutely no way the program
>can contact outside world (read files etc.) then what harm could
>turingness possibly do?

>OTOH, ability to read files etc. would be beneficial in the
>configuration files, so.. it's about where you draw the line. Perhaps
>just disallow any writes? Sandboxing per se is relatively easy with
>Lua.

I think there is one whole class of applications where sandboxing
works fine, and another class where the real issue is Turing-completeness.

A good sandboxing example would be the barbie.com web site that my
daughters think is the main reason for the internet's existence.
You go to the site, and it runs a flash application, which lets
you do things like dress Barbie up in different clothes, give her
a makeover, etc. The application does not and should not read or
write files on my computer. It runs in a sandbox, and everyone's
happy.

OTOH, I think configuration files are a perfect example of something
where sandboxing won't work. The whole point of, say, sendmail's
configuration file is that sendmail is going to handle a bunch of
e-mail messages for me, and that means reading and writing files
on disk. The config file itself may not be a program that says
"write this to this mailbox," but the config file's reason for
existing is to control the behavior of a program that will write
something to a particular mailbox.

I've been thinking about this general idea for several years, and
have several applications in mind that are of interest to me,
personally. One recent example is that I have a copylefted physics
textbook I wrote, which a guy in Belgium is now translating into
French. We were thinking of using a software tool called
po4a (http://po4a.alioth.debian.org/) to manage the French and
English versions in parallel. However, po4a is meant to manipulate
files that are written in Turing-incomplete languages (such as
SGML), whereas my book is written in a Turing-complete language
(TeX). This creates some real difficulties, since it's impossible
for po4a to, in some sense, "understand" a file that's written in
a Turing-complete language.

I actually got as far as beginning to
design a language (a Turing-complete language that would have
a Turing-incomplete subset useful for data description), and then
I started thinking, "Hey, what I'm designing sounds an awful lot
like that language Lua I heard about. Am I reinventing the wheel?"
It's actually a little spooky how similar they were, e.g., I was
thinking of having the essential language construct be a
syntax like this
  (name="Bush" job="president")   ,
which looks an awful lot like
  {name="Bush", job="president"}   !
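
Added example, not part of the original message: one way to treat a Lua table constructor like the one above as pure data, combining the two concerns in this thread (no access to the outside world, and no unbounded computation). It assumes Lua 5.2 or later; `load_config`, the budget value and the sample strings are hypothetical and constructed for illustration.

```lua
-- Load a config string as data: no globals, no bytecode, bounded execution.
-- load_config is a hypothetical helper, not part of Lua or of any project.
local function load_config(text, budget)
  -- Mode "t" rejects precompiled bytecode; the empty environment table
  -- means the chunk sees no io, os, require, load, pcall, etc.
  local chunk, err = load("return " .. text, "=config", "t", {})
  if not chunk then return nil, "syntax: " .. err end

  -- Run the chunk in its own coroutine so the count hook applies only to it.
  -- The hook fires every `budget` VM instructions and aborts the chunk,
  -- which is the answer to "what if the config never terminates?".
  local co = coroutine.create(chunk)
  debug.sethook(co, function()
    error("instruction budget exceeded", 0)
  end, "", budget or 10000)

  local ok, result = coroutine.resume(co)
  if not ok then return nil, "runtime: " .. tostring(result) end
  if type(result) ~= "table" then return nil, "config must be a table" end
  return result
end

-- Constructed sample inputs: plain data, an attempted file access,
-- and a non-terminating expression.
local samples = {
  '{name="Bush", job="president"}',
  '{mailbox = io.open("mailbox")}',
  '(function() while true do end end)()',
}

for _, text in ipairs(samples) do
  local cfg, err = load_config(text)
  if cfg then
    print("accepted:", cfg.name, cfg.job)
  else
    print("rejected:", err)
  end
end

-- Caveat: string methods stay reachable through the string metatable even
-- with an empty environment, and this sketch does not bound memory use.
```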