From: "Martin Boßlet" <martin.bosslet@...>
Date: 2012-04-20T00:29:12+09:00
Subject: [ruby-core:44454] Re: [ruby-trunk - Feature #5455] $SAFE should be removed

--e0cb4efe29cc51acc904be09d502
Content-Type: text/plain; charset=ISO-8859-1

On Apr 19, 2012 6:36 AM, "jballanc (Joshua Ballanco)" <jballanc@gmail.com>
wrote:
>
>
> Issue #5455 has been updated by jballanc (Joshua Ballanco).
>
>
> I just wanted to chime in here and suggest that, in the process of adding
security restrictions, it might be worth considering the Sandbox
implemented in MacRuby and Aaron's playpen library (
https://github.com/tenderlove/playpen), both of which are built on the
OS-level security framework. I wonder if SAFE might better be replaced by
something like this (built on OS specific security frameworks)?

A problem that I see with this approach is that it would be hard to support
this consistently across a variety of platforms. I think a more consistent
approach would be to define an independent, abstract interface like Charles
suggested. Then the individual implementations could very well use
OS-specific helpers to realize the spec, while JRuby is still free to
piggyback on Java's built-in features. Personally, I believe these kinds of
abstraction layers help a lot to keep consistence and encourage a more
testable, cleaner overall design.

-Martin

--e0cb4efe29cc51acc904be09d502
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p><br>
On Apr 19, 2012 6:36 AM, &quot;jballanc (Joshua Ballanco)&quot; &lt;<a href=
=3D"mailto:jballanc@gmail.com">jballanc@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt;<br>
&gt; Issue #5455 has been updated by jballanc (Joshua Ballanco).<br>
&gt;<br>
&gt;<br>
&gt; I just wanted to chime in here and suggest that, in the process of add=
ing security restrictions, it might be worth considering the Sandbox implem=
ented in MacRuby and Aaron&#39;s playpen library (<a href=3D"https://github=
.com/tenderlove/playpen">https://github.com/tenderlove/playpen</a>), both o=
f which are built on the OS-level security framework. I wonder if SAFE migh=
t better be replaced by something like this (built on OS specific security =
frameworks)?</p>

<p>A problem that I see with this approach is that it would be hard to supp=
ort this consistently across a variety of platforms. I think a more consist=
ent approach would be to define an independent, abstract interface like Cha=
rles suggested. Then the individual implementations could very well use OS-=
specific helpers to realize the spec, while JRuby is still free to piggybac=
k on Java&#39;s built-in features. Personally, I believe these kinds of abs=
traction layers help a lot to keep consistence and encourage a more testabl=
e, cleaner overall design.</p>

<p>-Martin</p>

--e0cb4efe29cc51acc904be09d502--