In article <47015269$1@news.povray.org>, ele### [at] netscape net
says...
> William Tracy enlightened us on 2007/09/30 18:37:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Alain wrote:
> >> There is a way, it's called "sandboxing". The process runs in a limited,
> >> closed, virtual machine and only has access to what YOU want it to see.
> >
> > So, you propose that every time POV code loads an external program, you
> > launch a full-scale virtual machine? Are we going to license something
> > from VMware? Are you going to ask people to buy extra licenses from
> > Microsoft for the copies of the operating system running inside the VM?
> > (Jeez, I'm starting to sound like Warp.)
> >
> > Sandboxing is great for your language's own scripts/bytecode, but is
> > less than helpful for _external_ libraries and arbitrary programs, which
> > is what we were talking about.
> >
> > - --
> > William Tracy
> You don't need a full-scale virtual machine, only a pretty limited one only
> supporting what you need it to support. You don't need to launch several of
> those, you can reuse the same one for several modules. How about one that
> simulates some opensource, limited linux-like environment. In fact, you may not
> even need to have an OS running in that sandbox! A little like running a ROM
> based application on a diskless box. That way, you gain OS independence,
> which allows you to use those external modules regardless of what OS you use.
>
>
Actually, this isn't that horrible an idea. There are full linux-like
environments that run off something as small as a floppy. You don't even
need the console or video code, since the only data in/out is going to
go through the engine and you can do the same thing that DOSBox does,
and only "mount" specific folders, and subfolders, as valid places to
run things from.
The only real issue is that this makes it hardly any better than just
coding it all in the JIT anyway, since anything you wanted to run in it
would have to be coded/recoded to run in that modified environment.
Rewriting it as a module for the script language might be easier than
writing it for the sandbox. And you "can" sandbox some languages too.
The client application I have does that, defining the "io" and some
other high risk libraries as "null", so that any attempt to call them
generates a runtime error.
--
void main () {
call functional_code()
else
call crash_windows();
}
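
The DOSBox-style restriction mentioned in the reply above (only "mounted" folders and their subfolders are valid places to run things from), as an added example that is not code from this thread or from POV-Ray. The `MountTable` class, the mount name `mod` and the directory tree are hypothetical and constructed for the demonstration; the check canonicalises each request first so that `..` segments and symlinks cannot step outside a mount.

```python
import os
import tempfile
from pathlib import Path


class MountTable:
    """Maps virtual mount names to host directories, DOSBox-style."""

    def __init__(self):
        self._mounts = {}

    def mount(self, name, host_dir):
        # Store the fully resolved root so later comparisons are canonical.
        self._mounts[name] = Path(host_dir).resolve(strict=True)

    def resolve(self, virtual_path):
        """Return the host path for 'name/sub/file' or raise PermissionError."""
        name, _, rest = virtual_path.replace("\\", "/").partition("/")
        root = self._mounts.get(name)
        if root is None:
            raise PermissionError(f"no such mount: {name!r}")
        # resolve() collapses '..' and follows symlinks before the check.
        candidate = (root / rest).resolve()
        if candidate != root and root not in candidate.parents:
            raise PermissionError(f"escapes mount {name!r}: {virtual_path}")
        return candidate

    def is_allowed(self, virtual_path):
        try:
            self.resolve(virtual_path)
            return True
        except PermissionError:
            return False


def demo():
    """Build a constructed directory tree and check several requests."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "modules" / "sub").mkdir(parents=True)
        (base / "modules" / "sub" / "tool.bin").write_text("ok")
        (base / "private").mkdir()
        (base / "private" / "secret.txt").write_text("secret")
        os.symlink(base / "private", base / "modules" / "link")
        table = MountTable()
        table.mount("mod", base / "modules")
        requests = ["mod/sub/tool.bin", "mod/../private/secret.txt",
                    "mod/link/secret.txt", "other/tool.bin", "/etc/passwd"]
        return {r: table.is_allowed(r) for r in requests}
```

The check only holds for the resolved path that `resolve()` returns, so the caller should open that path rather than resolving the virtual name a second time.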