From: Pascal J. Bourguignon on
Helmut Eller <eller.helmut(a)gmail.com> writes:

> * Frode V. Fjeld [2010-01-19 13:54+0100] writes:
>
>> I don't know that there's anything with Firefox that would be impossible
>> or even more difficult to do on a lispm than e.g. linux. Other than the
>> sheer amount of work required to implement a browser, that is.
>
> Isolation? Unix uses the MMU to isolate processes from each other. That
> makes it fairly safe to execute programs written in low level languages
> like C or assembler. The accessible memory is protected by the MMU and
> everything else must be done via syscalls.
>
> On the Lisp Machine every program had (intentionally) access to the
> whole machine. That simplified debugging. On the downside, a bug in
> one program could bring down the entire machine. In Unix terms, there
> was no distinction between user space and kernel space.
>
> Isolation also forced the Unix people to invent shared libraries so that
> at read-only data/code could be shared safely. Nothing like that existed
> on Lisp Machines, or does it?
>
> I would not want to use an OS that doesn't provide isolation.

So you can happily use an OS written in lisp, without a hardware MMU.

(let ((v1 (vector 1 2 3)))
  (defun f (x)
    (if (<= 0 x 2) (aref v1 x))))

(defun g (v i)
  (setf (aref v i) 0))

There is no way to call g so that it modifies v1: there is isolation in lisp!


--
__Pascal Bourguignon__ http://www.informatimago.com/
From: Tim Bradshaw on
On 2010-01-19 12:54:00 +0000, "Frode V. Fjeld" <frode(a)netfonds.no> said:

> I don't know that there's anything with Firefox that would be impossible
> or even more difficult to do on a lispm than e.g. linux. Other than the
> sheer amount of work required to implement a browser, that is.
>
> Firefox I believe can execute "internet code" either by running a
> downloaded executable, in which case all bets are off, or it can run
> something like javascript, flash, or java applets, all of which are
> examples of virtual machines that could be implemented on a lispm just
> as well as on linux.

Well, it's fairly well known that these things are pretty leaky (in the
"leaking information" sense), with a fairly large number of resulting
attacks. People are now implementing browsers which enforce a much
stronger isolation between components, by making use of the
address-space isolation provided by the OS the browser runs on. That
simply would not be available on a LispM at all.

From: Antony on
Tamas K Papp wrote:
>
>> Classic multi user setup is pretty much obsolete these days. Even in
>
> $ ps -eo euser | sort | uniq
> avahi
> daemon
> dictd
> haldaemon
> messagebus
> postfix
> root
> syslog
> tpapp
>
> Sorry, you were saying?
>
What's the point, why couldn't they all be running as Tamas?
From: Helmut Eller on
* Pascal J. Bourguignon [2010-01-19 21:24+0100] writes:

> So you can happily use an OS written in lisp, without a hardware MMU.
>
> (let ((v1 (vector 1 2 3)))
>   (defun f (x)
>     (if (<= 0 x 2) (aref v1 x))))
>
> (defun g (v i)
>   (setf (aref v i) 0))
>
> There is no way to call g so that it modifies v1: there is isolation in lisp!

Tell me your implementation and I'll show how to modify v1. Since all
current CL implementations use in-process debugging, it's pretty easy to use
the debugging facilities to extract v1 from the closure stored in F's
function slot. E.g. for CLISP, which seems to be your favorite
implementation, you could do:

(compile 'f)
(setq vv (aref (nth 2 (sys::closure-consts #'f)) 1))
(g vv 1)
(f 1) ; => 0

Helmut
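
Added example, not part of any post in the thread: a Python analogue (Python rather than Lisp, so it runs without a particular CL implementation) of the exchange above, showing closure privacy bypassed by in-process introspection, and the same f unaffected once v1 lives in a separate process. The names make_f, same_process, separate_process and the CHILD script are made up for this illustration.

```python
import subprocess
import sys

def make_f():
    v1 = [1, 2, 3]                       # stands in for the closed-over vector v1
    def f(x):
        return v1[x] if 0 <= x <= 2 else None
    return f

def g(v, i):
    v[i] = 0

def same_process():
    """Closure privacy bypassed by introspection inside one address space."""
    f = make_f()
    vv = f.__closure__[0].cell_contents  # the live v1 object, not a copy
    g(vv, 1)
    return f(1)

# Child program (constructed for this example): owns v1, answers one index per line.
CHILD = """
import sys
v1 = [1, 2, 3]
for line in sys.stdin:
    x = int(line)
    print(v1[x] if 0 <= x <= 2 else None, flush=True)
"""

def separate_process():
    """Same f, but v1 lives in another process; only text crosses the pipe."""
    child = subprocess.Popen([sys.executable, "-c", CHILD],
                             stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                             text=True)
    def f(x):
        child.stdin.write(f"{x}\n")
        child.stdin.flush()
        return int(child.stdout.readline())
    try:
        vv = [f(i) for i in range(3)]    # the most this caller obtains: a copy
        g(vv, 1)                         # mutates the copy only
        return f(1)
    finally:
        child.stdin.close()
        child.wait()

if __name__ == "__main__":
    print(same_process(), separate_process())
```
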
From: mdj on
On Jan 19, 9:03 pm, Antony <spam+lisp_dot_li...(a)gmail.com> wrote:

> I know people might run apache as one user and mysql as another,
> personally I think it means little in a controlled webserver farm
> environment.

Nonsense. Any service exposed to the internet is a potential remote
attack vector. For this reason services like apache run in a user
group with as little privilege as one can get away with, to lessen the
chance that a remote exploit can gain control of the entire machine.

Matt