Shared address space
Mon, 12 May 1997 13:23:26 -0400
In assembler, the namespace of available objects is folded into
the integers mod 2^32 (for some machines). This means
that you must use memory protection if you don't want
an errant program causing problems.
If Lisp code is distributed as source, or semi-compiled, this
aspect should not be a problem.
In Lisp, the namespace consists of the objects that can
be referenced by free variables. If these objects are read-only,
and if the program is constrained in other ways (no access to the
whole disk, etc.), then the program should not be able
to do anything dangerous.
This problem is a bit trickier than I have just stated, but it
should be possible to develop a secure model.
The issue at this point is whether it is possible to use the MMU
to assist in enforcing our policies.
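
The namespace argument above can be shown with a small Lisp-like evaluator, written here in Python as an added example (not code from the original message). The guest program can reach only the objects bound in the environment it is handed, and every one of those objects is immutable. The granted names and the ungranted `delete-file` are hypothetical.

```python
import operator
from types import MappingProxyType

class Unbound(Exception):
    """Raised when guest code names an object it was never granted."""

def parse(src):
    """Parse one S-expression into nested tuples, ints and symbol strings."""
    tokens = src.replace("(", " ( ").replace(")", " ) ").split()
    def read(i):
        if tokens[i] == "(":
            items, i = [], i + 1
            while tokens[i] != ")":
                item, i = read(i)
                items.append(item)
            return tuple(items), i + 1
        try:
            return int(tokens[i]), i + 1
        except ValueError:
            return tokens[i], i + 1
    return read(0)[0]

def evaluate(x, env):
    """Evaluate guest code; env (a tuple of frames) is its entire namespace."""
    if isinstance(x, int):
        return x
    if isinstance(x, str):                  # symbol: free-variable lookup
        for frame in env:
            if x in frame:
                return frame[x]
        raise Unbound(x)                    # not granted, so not reachable
    head = x[0]
    if head == "quote":
        return x[1]
    if head == "if":
        return evaluate(x[2] if evaluate(x[1], env) else x[3], env)
    if head == "lambda":                    # closure captures env, nothing more
        params, body = x[1], x[2]
        return lambda *args: evaluate(body, (dict(zip(params, args)),) + env)
    fn = evaluate(head, env)                # no set!/define: bindings are read-only
    return fn(*[evaluate(a, env) for a in x[1:]])

# Constructed grant: arithmetic, list access and one read-only record.
GRANTED = (MappingProxyType({
    "+": operator.add, "<": operator.lt, "car": lambda t: t[0],
    "cdr": lambda t: t[1:], "limits": (10, 20, 30)}),)

def run(src, env=GRANTED):
    return evaluate(parse(src), env)
```

Running `(delete-file 1)` raises `Unbound`, because no free variable in the guest's environment refers to that object; the integers-as-addresses model has no equivalent failure without memory protection.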