Ryan Voots wrote:
> I would certainly be interested in any documentation on this, i
> currently planned on using chroots and resource limits to prevent this
> (ain't unix grand?) but if i can do it inside of frink i could
> probably have things much more useful.
I've added a single convenience method to easily enable the most
restrictive security measures on a Frink interpreter. This should be
called before parsing untrusted input. Details have been added to the
"Embedding Frink" section of the document:
http://futureboy.us/frinkdocs/#EmbeddingFrink
and to the "Frink" class in the javadocs:
http://futureboy.us/frinkdocs/integrate/
Of course, setting up a chroot environment and resource limits are
also good ideas. You could alternatively do something similar using
Java's SecurityManager classes, and, of course, most Java VMs allow you
to set the maximum amount of memory that the VM can use. Several layers
of security couldn't ever hurt, though.
Please let me know if you have any questions. You'll need to
download the latest version of Frink (2008-09-07) of course.
--
Alan Eliasen | "Furious activity is no substitute
eliasen@... | for understanding."
http://futureboy.us/ | --H.H. Williams
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Offline 
Send Email