Safer Scripting Through Precompilation

(Transcript of Discussion)
  • Ben Laurie
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)


I’m going to talk about putting capabilities into scripting languages. The reason that you might want to put capabilities into a scripting language is because it would be good if we could get a script from any old place and run it without being worried that it was going to do something nasty to us, and more than that, we would like the script to do things that were actually useful, to read and write files, and make network connections, and all the things that we expect programs to be able to do, but only exactly what we want it to do.

Now there are these things called capabilities, which nobody likes anymore, that let you do this. So what do I mean by a capability? It’s a word that’s used by lots of people to mean lots of different things. Linux has things it calls capabilities which are actually a kind of fine-grained access control. Java has things that it calls capabilities which are actually another kind of fine-grained access control, i.e. they are things that if you hold them you can do something, like open this particular file, or send to the printer, or whatever. In order to distinguish these capabilities, people who talk about them these days have started calling them object capabilities, which means that you can think about them as standard object-oriented gadgets which are objects in an object-oriented language that you cannot look inside, so they’re opaque, and that you can’t get a reference to unless you’re given it, and the general way in which you use them is that you pass them around as parameters, any function can only use the capabilities which it has been passed, or which are within data structures it already owns, functions and models as functions on objects in general, so they usually have a single capability which they can look inside, and they’re the only people who can look inside that capability. And if you write your program right, capabilities correspond to things like read a particular file, write to a particular socket, give me money, that kind of thing. Give me money obviously would be a more general distributed kind of capability, not just within a particular program, so would be represented by bits on the wire as well as a capability in the program.
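The object-capability discipline described above, as an added illustration that is not code from the talk or from the speaker's own work: a stand-in "script" can read one file and write another only because those two opaque objects were passed to it as parameters. The in-memory file table, the paths and every function name are constructed for the example, and plain JavaScript still leaves ambient authority (globals, `require`) in place, so this shows the parameter-passing pattern only, not a sandbox.

```javascript
// Constructed in-memory "file system"; only the makers below close over it.
const files = new Map([
  ['/home/alice/notes.txt', 'shopping list'],
  ['/home/alice/secret.key', 'constructed-sample-key'],
  ['/tmp/out.txt', ''],
]);

// A capability is a frozen object whose authority lives in a closure:
// a holder can invoke it but cannot look inside to reach `files` or `path`.
function makeFileCap(path) {
  if (!files.has(path)) throw new Error('no such file: ' + path);
  return Object.freeze({
    read: () => files.get(path),
    write: (text) => { files.set(path, String(text)); },
  });
}

// Attenuation: wrap a read/write capability so only one right is passed on.
const readOnly = (cap) => Object.freeze({ read: () => cap.read() });
const writeOnly = (cap) => Object.freeze({ write: (text) => cap.write(text) });

// Stand-in for an untrusted script. It names no path and touches no global,
// so its whole authority is the two parameters it is handed.
function untrustedScript(input, output) {
  'use strict'; // make assignment to a frozen property throw
  output.write(input.read().toUpperCase());
  const probes = [];
  probes.push(typeof input.write);   // no write right on the input
  probes.push(typeof output.read);   // no read right on the output
  probes.push(typeof input.path);    // the path is not exposed
  try { input.read = () => 'forged'; } catch (e) { probes.push(e.name); }
  return probes;
}

// The caller decides exactly which files the script may read and write.
function runDemo() {
  const probes = untrustedScript(
    readOnly(makeFileCap('/home/alice/notes.txt')),
    writeOnly(makeFileCap('/tmp/out.txt')));
  return {
    probes,
    written: files.get('/tmp/out.txt'),
    secret: files.get('/home/alice/secret.key'),
  };
}
```

The script never receives a reference to `/home/alice/secret.key`, so nothing it can call reaches that entry.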





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ben Laurie, A.L. Group
