tech-userlevel archive


Re: proplib and the jet age



On 05.01.2013 at 01:30, David Holland
<dholland-tech%NetBSD.org@localhost> wrote:

> On Fri, Jan 04, 2013 at 11:42:33PM +0000, Christos Zoulas wrote:
>>>>   I somewhat recently migrated one of my own projects to use lua
>>>> scripts as configuration files rather than a custom "key=value"-pair
>>>> type configuration.
>>>> [...]
>>> 
>>> Obviously you do what you need to do (for whatever reasons)... but do
>>> keep in mind that in general, using Turing-complete languages for
>>> configuration is a bad thing.
>> 
>> If the sandbox excludes all function calls, it is ok, no?
> 
> Depending on what you mean by "ok".
> 
> It may be "safe" in the sense that bundles that allege to be
> configuration cannot execute rm -rf /, and even "safe" in the sense
> that they can't begin executing an infinite loop.

This can be done.  Executing arbitrary unix commands is not possible by default 
and there are at least two different ways to prevent endless loops.

> It is not "safe" in the sense that the space of possible
> configurations is kept to the minimum necessary; it is also not "safe"
> in the sense that the correspondence between configuration text and
> resulting program behavior is kept comprehensible.

The first point does not really matter, the second point is true.  "Looking at 
the configuration" means executing a program.  But then, it's usually very 
readable and the flexibility that is gained by far outweighs the disadvantages, 
imo.

> 
> It is these latter properties that are important in the long run
> usually...
> 
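
The two properties discussed in the message above (no command execution, no endless loop), shown as an added example that is not code from this thread or from any poster's project. It assumes Lua 5.2 or later and uses an instruction-count hook, which is one known technique and not necessarily one of the two the author had in mind; `load_config`, the budget value and the sample configurations are constructed for illustration.

```lua
-- Added example: run a Lua configuration chunk in an empty environment
-- with an instruction budget. Assumes Lua 5.2+ (load() with mode and env).

local MAX_INSTRUCTIONS = 100000  -- constructed budget, tune per application

-- load_config is a hypothetical helper name.
local function load_config(text, name)
  -- Empty environment: no os, io, require, load, pcall or other globals.
  -- Caveat: string methods remain reachable through the string metatable
  -- (e.g. ("x"):rep(n)), and the count hook does not fire inside C
  -- functions, so memory use needs a separate limit.
  local env = {}

  -- Mode "t" accepts source text only and rejects precompiled bytecode.
  local chunk, err = load(text, "=" .. name, "t", env)
  if not chunk then return nil, err end

  -- Run in a coroutine so the hook applies only to the config chunk.
  local co = coroutine.create(chunk)
  debug.sethook(co, function()
    error("instruction budget exceeded", 0)
  end, "", MAX_INSTRUCTIONS)

  local ok, run_err = coroutine.resume(co)
  if not ok then return nil, run_err end
  return env  -- globals assigned by the chunk are the configuration
end

-- Constructed sample inputs.
local cases = {
  { "good",   "listen_port = 8080\nworkers = 2 * 4\n" },
  { "loop",   "while true do end" },
  { "escape", 'os.execute("true")' },
}

for _, case in ipairs(cases) do
  local cfg, err = load_config(case[2], case[1])
  if cfg then
    print(case[1], "ok", cfg.listen_port, cfg.workers)
  else
    print(case[1], "rejected", err)
  end
end
```

The first case loads and yields its two settings; the second is stopped by the hook and the third fails because `os` is nil inside the chunk.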


