Arc Forumnew | comments | leaders | submitlogin
1 point by cpfr 6120 days ago | link | parent

1. How do you enforce real/effective uid? What prevents this from being overwritten?

2. What prevents a user from saving and serialzing a dangerous thunk for later use? How do you expire?

3. How do you keep which functions are dangerous? What prevents due to lack of foresight unnecessary security breaches?

4. What stops others from getting around these by dipping under Arc and these primitives?

These are hard questions and unless they are answered the security the system provides is merely a ruse.