Clojure: light weight jail -

-

context:

in lua, it's trivial , cheap (4kb of memory) create new lua vm. thus, it's trivial create cheap lua "jails". then, if untrusted code misbehaves, kill lua vm.

i'm aware of https://github.com/licenser/clj-sandbox appears wrap around java ... make untrusted code thread native java threads, powerless kill.

question:

is there anyway create cheap / light weight clojure jails?

i'm (co)author of little library called clojail kind of rethinking of clj-sandbox. makes use of java sandbox, provides features sandboxing clojure-specific things. tryclj , 4clojure make use of it.

i don't understand mean rest of that. jvm sandbox great in can prevent i/o. clojail goes rest of way allowing timeouts prevent long running code. if you're saying "people create threads , wouldn't able kill them", clojail kills threads created inside of sandbox , best prevent stray threads running away. jvm sandbox (and clojail specific stuff) still prevents dangerous code running on threads well.

in summary, check out clojail. might need. sufficient purposes, , game in town (save clj-sandbox isn't maintained) jails. isn't best solution easiest.

the next step if clojail doesn't need roll own jailing mechanism involves using jvm sandbox , spinning off jvms. has massive overhead, i'd avoid if anyway possible. not in 4kb luatown anymore. ;)


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more