

Tainting

One really nice tweak Larry Wall added to Perl is tainting: a bit associated with each datum that records whether it derives fairly directly from untrusted sources.

Given this taint bit, the interpreter can then automatically flag many dangerous operations as errors, such as invoking the host shell with a tainted string as the command.

In essence, the taint bit takes us a tiny step towards applying modern compiler type-checking and optimization logic -- usually locked up out of reach within those blackbox Algolic compilers -- to general computational tasks.

Given that Muq is intended to be a heavily interactive environment, it would be cool to add tainting to the set of tools available to improve Muq security.

It would be even more cool to experiment with supplying general support for this sort of computation, so that users can experiment to find other applications for it without having to get into brutal server hacking.

This would mean providing support for

Plus of course the gruntwork of writing the infrastructure to make the bit propagation happen!

Only practical experimentation is likely to reveal whether tainting is in practice useful only for strings (in which case modifying only the string types and operations would be the optimal engineering solution) or is useful for most datatypes (in which case low-level pervasive support in the Muq virtual machine is the optimal engineering solution).

This sort of facility has the potential to slow down almost all Muq computations, so naturally there is a strong burden of proof which needs to be satisfied before mainstreaming the technology...
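The string-only design discussed above, sketched in Python as an added example (not Muq or Perl code): `TaintedStr`, `untaint`, `shell_sink` and `propagation_report` are hypothetical names, and the sample input is constructed. It also shows an operation where a type-level taint bit silently disappears, which is the argument for support inside the virtual machine.

```python
import re

class TaintError(Exception):
    """Raised when tainted data reaches a dangerous operation."""

class TaintedStr(str):
    """The subclass itself is the taint bit; a plain str is untainted."""
    def __add__(self, other):        # tainted + x stays tainted
        return TaintedStr(str(self) + other)
    def __radd__(self, other):       # x + tainted stays tainted
        return TaintedStr(other + str(self))
    def upper(self):                 # each derived-value method needs its own wrapper
        return TaintedStr(str(self).upper())

def is_tainted(value):
    return isinstance(value, TaintedStr)

def untaint(value, pattern):
    """Clear the bit only when the whole value matches an allow-list pattern."""
    if re.fullmatch(pattern, value) is None:
        raise TaintError(f"refusing to untaint {str(value)!r}")
    return str(value)

def shell_sink(command):
    """Stand-in for a shell invocation: checks the bit and runs nothing."""
    if is_tainted(command):
        raise TaintError("tainted string used as a shell command")
    return command

def propagation_report(data):
    """Which operations on tainted data still carry the bit afterwards?"""
    return {
        "concat_right": is_tainted("cat " + data),
        "concat_left": is_tainted(data + " | wc -l"),
        "upper": is_tainted(data.upper()),
        # No wrapper exists for formatting, so the result is a plain str:
        # the bit is lost unless the runtime itself propagates it.
        "fstring": is_tainted(f"cat {data}"),
    }

if __name__ == "__main__":
    untrusted = TaintedStr("notes.txt; id")      # constructed untrusted input
    print(propagation_report(untrusted))
    try:
        shell_sink("cat " + untrusted)
    except TaintError as err:
        print("blocked:", err)
    print(shell_sink("cat " + untaint(TaintedStr("notes.txt"), r"[\w.-]+")))
```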

