[6009] in www-talk@info.cern.ch


Re: How about a Safe Virtual Machine?

daemon@ATHENA.MIT.EDU (Jim Davis)
Mon Oct 3 20:24:38 1994

Date: Tue, 4 Oct 1994 01:20:24 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: davis@DRI.cornell.edu
From: Jim Davis <davis@DRI.cornell.edu>
To: Multiple recipients of list <www-talk@www0.cern.ch>


Safety, by the way, should not require reading the source code.

Two reasons for this.

1) I want to protect the privacy of my agents.  They may embody
private or proprietary material.  For example, my negotiating
position.   Imagine walking into the bargaining room where the
other side has been allowed to x-ray your briefcase.

2) Security should not require that you understand the code to be
executed ("Even though it does contain a call to rm ** it's in
a branch that can never be reached...") because you can be wrong.

Does safe-tcl (or any alternative) have either of these properties?  I
suspect not, for the first, and yes for the second.

