Re: proplib and the jet age

To: tech-userlevel%netbsd.org@localhost
Subject: Re: proplib and the jet age
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Sat, 5 Jan 2013 00:30:43 +0000

On Fri, Jan 04, 2013 at 11:42:33PM +0000, Christos Zoulas wrote:
 > > >    I somewhat recently migrated one of my own projects to use lua
 > > > scripts as configuration files rather than a custom "key=value"-pair
 > > > type configuration.
 > > > [...]
 > >
 > >Obviously you do what you need to do (for whatever reasons)... but do
 > >keep in mind that in general, using Turing-complete languages for
 > >configuration is a bad thing.
 > 
 > If the sandbox excludes all function calls, it is ok, no?

Depending on what you mean by "ok".

It may be "safe" in the sense that bundles that allege to be
configuration cannot execute rm -rf /, and even "safe" in the sense
that they can't begin executing an infinite loop.

It is not "safe" in the sense that the space of possible
configurations is kept to the minimum necessary; it is also not "safe"
in the sense that the correspondence between configuration text and
resulting program behavior is kept comprehensible.

It is these latter properties that are important in the long run
usually...

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: proplib and the jet age
  - From: Marc Balmer

References:
- proplib and the jet age
  - From: David Holland
- Re: proplib and the jet age
  - From: Marc Balmer
- Re: proplib and the jet age
  - From: Jan Danielsson
- Re: proplib and the jet age
  - From: David Holland
- Re: proplib and the jet age
  - From: Christos Zoulas

Prev by Date: Re: proplib and the jet age
Next by Date: Re: proplib and the jet age
Previous by Thread: Re: proplib and the jet age
Next by Thread: Re: proplib and the jet age
Indexes:

Home | Main Index | Thread Index | Old Index