[movitz-devel] Object sharing between processes

Peter Minten peter.minten at wanadoo.nl
Sat May 1 08:56:48 UTC 2004


Hi people,

I was wondering about how Lisp objects can be safely shared in a hypothetical
Movitz LispOS[1]. The problem is the following shell script:

(bar (foo))

Say foo and bar are both programs, not functions. Foo gives something as output
which becomes bar's input. Now I see two problems with a
each-process-an-address-space system:
* When foo is done its address space gets released, killing the output objects.
* Even if foo's address space is still available, bar can't get to the output
objects of foo because they aren't in its address space.

In a single address-space system this problem would of course not occur, because
when foo ends the objects it has created are still referenced and thus don't get
GC'ed, and bar can always access the objects if it has a reference.

So far it seems that a single address-space solution is best. But security
springs to mind as a major problem. In principle this can be solved by making
sure that no process can address an object using low level tricks, so that the
only way to reference objects is by holding a reference.

I see however a problem: heavily linked objects. If an object contains many many
references and it gets passed to another process then it would allow a great
deal of access to the objects of the source process. I don't know how likely
this situation is, but it could cause major security leaks.

Greetings,

Peter

Footnotes:

[1] Which should really get a name so that we don't constantly have to say
'hypothetical LispOS'. What about MILOS (Movitz Illuminating Lisp OS) or ALOS
(All-Lisp OS)?
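An added example, not code from the post or from Movitz, illustrating the "heavily linked objects" concern in Common Lisp: in a single address space where holding a reference is the only way to address an object, handing bar a result object conveys authority over everything transitively reachable from it, including any back-references into foo's private state. The structure types (PROC-STATE, RESULT), the REFERENCES walker and EXPORT-RESULT are hypothetical; a real LispOS would have the runtime or GC walk object slots rather than an explicit TYPECASE.

```lisp
;;; Added example (hypothetical, not Movitz code).  Measures what a second
;;; process can reach when handed a reference, then shows the usual fix:
;;; export a copy that shares no structure with the producer's private state.

(defstruct proc-state          ; hypothetical private state of process foo
  name secrets)

(defstruct result              ; hypothetical output object foo hands to bar
  value owner)                 ; OWNER is a back-reference into foo's state

(defun references (obj)
  "Direct references held by OBJ.  Conses and the two hypothetical structure
types are traversed; everything else (numbers, strings, symbols) is a leaf."
  (typecase obj
    (cons       (list (car obj) (cdr obj)))
    (result     (list (result-value obj) (result-owner obj)))
    (proc-state (list (proc-state-name obj) (proc-state-secrets obj)))
    (t          '())))

(defun reachable-objects (root)
  "Set of objects transitively reachable from ROOT: exactly the authority
a process acquires when it is handed ROOT."
  (let ((seen  (make-hash-table :test #'eq))
        (stack (list root)))
    (loop while stack
          do (let ((obj (pop stack)))
               (unless (gethash obj seen)
                 (setf (gethash obj seen) t)
                 (dolist (ref (references obj))
                   (push ref stack)))))
    (loop for k being the hash-keys of seen collect k)))

(defun export-result (r)
  "Copy only the slots bar needs and drop the back-reference.  The copy
shares no structure with foo's state, so it conveys no authority over it."
  (make-result :value (copy-tree (result-value r)) :owner nil))

(defun demo ()
  "Returns two values: whether foo's private state is reachable from the raw
result (T, a leak) and from the exported copy (NIL)."
  (let* ((foo (make-proc-state :name "foo" :secrets (list "key-material")))
         (out (make-result :value (list 1 2 3) :owner foo)))
    (values (and (member foo (reachable-objects out)) t)
            (and (member foo (reachable-objects (export-result out))) t))))

;; (demo) => T, NIL
```

The first value shows the problem from the post: one innocent-looking slot makes foo's secrets reachable by bar. The second shows the price of the fix: the receiver gets a detached copy, so identity-based sharing (mutating foo's object through bar's reference) is deliberately lost, which is the trade-off a single address-space design has to make explicit.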
