This is the mail archive of the kawa@sources.redhat.com mailing list for the Kawa project.
security features for kawa
- From: Thomas Kirk <tk at research dot att dot com>
- To: Per Bothner <per at bothner dot com>
- Cc: kawa at sources dot redhat dot com
- Date: Mon, 31 Jan 2005 20:23:48 -0500
- Subject: security features for kawa
- References: <41FB1DC0.5020204@bothner.com>
- Reply-to: tk at research dot att dot com
I've modified Kawa's classloaders to support annotation of compiled code
to work with the Java security manager, so that Scheme code may be
subject to runtime permission checking. Given the way code is loaded in
Kawa, this allows very fine-grained sandboxing -- permissions can be
assigned at the granularity of individual functions. In my application,
this has been a useful mechanism for containment of code that is
distributed at runtime, and for controlling resource access by
untrusted code.
I can contribute this functionality back into the Kawa codebase if others
are interested. It would need some additional work to be made ready for
general use, so I'd like to gauge interest before submitting patches.
cheers...
tom
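
An added illustration of the mechanism described in the message above, not part of the original message and not Kawa's code: a class loader that defines one class under its own ProtectionDomain, which is the object the Java security manager consults when it checks permissions. SandboxDemo, SandboxLoader, UntrustedProc and the file paths are assumptions made for this example; it queries the domain with implies() directly rather than installing a security manager, which has been deprecated for removal since Java 17.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
public class SandboxDemo {
    // Stand-in for one compiled Scheme procedure (hypothetical class).
    public static class UntrustedProc implements Runnable {
        public void run() { System.out.println("untrusted body ran"); }
    }
    // Defines exactly one named class under a caller-chosen ProtectionDomain.
    static final class SandboxLoader extends ClassLoader {
        private final String target;
        private final ProtectionDomain domain;
        SandboxLoader(ClassLoader parent, String target, Permissions granted) {
            super(parent);
            this.target = target;
            granted.setReadOnly();
            // Two-argument constructor: static permissions only, no Policy lookup.
            this.domain = new ProtectionDomain(new CodeSource(null, (Certificate[]) null), granted);
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(target)) return super.loadClass(name, resolve);
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c != null) return c;
                String path = name.replace('.', '/') + ".class";
                // Re-read the class bytes and define them here, so the class gets our domain.
                try (InputStream in = getParent().getResourceAsStream(path)) {
                    if (in == null) throw new ClassNotFoundException(name);
                    byte[] b = in.readAllBytes();
                    return defineClass(name, b, 0, b.length, domain);
                } catch (IOException e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/tmp/sandbox/-", "read")); // constructed sample grant
        String name = UntrustedProc.class.getName();
        Class<?> c = new SandboxLoader(SandboxDemo.class.getClassLoader(), name, granted).loadClass(name);
        ProtectionDomain pd = c.getProtectionDomain();
        System.out.println("in.txt: " + pd.implies(new FilePermission("/tmp/sandbox/in.txt", "read")));
        System.out.println("passwd: " + pd.implies(new FilePermission("/etc/passwd", "read")));
        ((Runnable) c.getDeclaredConstructor().newInstance()).run();
    }
}
```

Because each class carries its own domain, a loader that emits one class per procedure can hand every procedure a different permission set.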