From: Pascal J. Bourguignon on 19 Jan 2010 15:24

Helmut Eller <eller.helmut(a)gmail.com> writes:

> * Frode V. Fjeld [2010-01-19 13:54+0100] writes:
>
>> I don't know that there's anything with Firefox that would be impossible
>> or even more difficult to do on a lispm than e.g. linux. Other than the
>> sheer amount of work required to implement a browser, that is.
>
> Isolation? Unix uses the MMU to isolate process from each other. That
> makes it fairly safe to execute programs written in low level languages
> like C or assembler. The accessible memory is protected by the MMU and
> everything else must be done via syscalls.
>
> On the Lisp Machine every program had (intentionally) access to the
> whole machine. That simplified debugging. On the downside, a bug in
> one program could bring down the entire machine. In Unix terms, there
> was no distinction between user space and kernel space.
>
> Isolation also forced the Unix people to invent shared libraries so that
> at read-only data/code could be shared safely. Nothing like that existed
> on Lisp Machines, or does it?
>
> I would not want to use an OS that doesn't provide isolation.

So you can happily use an OS written in lisp, without a hardware MMU.

(let ((v1 (vector 1 2 3)))
  (defun f (x)
    (if (<= 0 x 2) (aref v1 x))))

(defun g (v i)
  (setf (aref v i) 0))

There is no way to call g so that it modifies v1: there is isolation in lisp!

--
__Pascal Bourguignon__
http://www.informatimago.com/

From: Tim Bradshaw on 19 Jan 2010 15:27

On 2010-01-19 12:54:00 +0000, "Frode V. Fjeld" <frode(a)netfonds.no> said:

> I don't know that there's anything with Firefox that would be impossible
> or even more difficult to do on a lispm than e.g. linux. Other than the
> sheer amount of work required to implement a browser, that is.
>
> Firefox I believe can execute "internet code" either by running a
> downloaded executable, in which case all bets are off, or it can run
> something like javascript, flash, or java applets, all of which are
> examples of virtual machines that could be implemented on a lispm just
> as well as on linux.

Well, it's fairly well known that these things are pretty leaky (in the
"leaking information" sense), with a fairly large number of resulting
attacks. People are now implementing browsers which enforce a much
stronger isolation between components, by making use of the
address-space isolation provided by the OS the browser runs on. That
simply would not be available on a LispM at all.

From: Antony on 19 Jan 2010 16:05

Tamas K Papp wrote:
>
>> Classic multi user setup is pretty much obsolete these days. Even in
>
> $ ps -eo euser | sort | uniq
> avahi
> daemon
> dictd
> haldaemon
> messagebus
> postfix
> root
> syslog
> tpapp
>
> Sorry, you were saying?
>
What's the point, why couldn't they all be running as Tamas?

From: Helmut Eller on 20 Jan 2010 02:19

* Pascal J. Bourguignon [2010-01-19 21:24+0100] writes:

> So you can happily use an OS written in lisp, without a hardware MMU.
>
> (let ((v1 (vector 1 2 3)))
>   (defun f (x)
>     (if (<= 0 x 2) (aref v1 x))))
>
> (defun g (v i)
>   (setf (aref v i) 0))
>
> There is no way to call g so that it modifies v1: there is isolation in lisp!

Tell me your implementation and I'll show how to modify v1. Since all
current cl implementations use in-process debugging, it's pretty easy to use
the debugging facilities to extract v1 from the closure stored in F's
function slot. E.g. for CLISP, which seems your favorite implementation,
you could do:

(compile 'f)
(setq vv (aref (nth 2 (sys::closure-consts #'f)) 1))
(g vv 1)
(f 1) => 0

Helmut

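Added example, not part of any post in this thread: the f / g closure argument transposed to Python, to show that a captured vector is hidden from ordinary callers but reachable by any in-process code that can introspect the function object. The names make_f, captured_cells, mutable_captures and demo are constructed for this illustration.

```python
# Added illustration: Python analogue of the thread's f / g. All names are constructed.

def make_f():
    v1 = [1, 2, 3]                      # captured state, like v1 in the LET form
    def f(x):
        return v1[x] if 0 <= x <= 2 else None
    return f

def g(v, i):
    v[i] = 0                            # same role as (setf (aref v i) 0)

def captured_cells(fn):
    """Return {free-variable name: live captured object} for a closure."""
    names = fn.__code__.co_freevars
    cells = fn.__closure__ or ()
    return {name: cell.cell_contents for name, cell in zip(names, cells)}

def mutable_captures(fn):
    """Names of captured objects that in-process code could modify in place."""
    mutable = (list, dict, set, bytearray)
    return sorted(n for n, obj in captured_cells(fn).items() if isinstance(obj, mutable))

def demo():
    f = make_f()
    before = f(1)                       # ordinary callers only get reads through f
    vv = captured_cells(f)["v1"]        # introspection yields the vector itself, not a copy
    g(vv, 1)
    return before, f(1), mutable_captures(f)

if __name__ == "__main__":
    print(demo())
```

mutable_captures can be pointed at any function object to list the captured state that is only protected by convention, not by an address-space boundary.
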
From: mdj on 20 Jan 2010 02:44

On Jan 19, 9:03 pm, Antony <spam+lisp_dot_li...(a)gmail.com> wrote:

> I know people might run apache as one user and mysql as another,
> personally i think it means little in a controlled webserver farm
> environment.

Nonsense. Any service exposed to the internet is a potential remote
attack vector. For this reason services like apache run in a user
group with as little privilege as one can get away with, to lessen the
chance that a remote exploit can gain control of the entire machine.

Matt