The stability of the Lisp Machine was due in large part to fundamental
issues of language design. In Lisp, you can't reference an object in
memory unless you have a pointer to the object. You can't reference
outside of the array bounds of an array. Buffer overflow attacks
essentially are impossible. The result is that it is VERY easy to
write code which is bullet-proof compared to essentially any other
system. All you have to do is control who has access to pointers, and
who gets to hand out the pointers. As usual, there are
"sub-primitive" operations which allow users to do things out of the
box, but it is a relatively straightforward check to assure that none
of those primitives are used in code (the names by convention began
with a % symbol). While we did not attempt to make highly secure
operating systems, the security of the resulting systems was very high
compared to the junk we see palmed off as software today.
Eventually, I suppose, we'll get back to that point again. Anyone who
would like to help, let me know.
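The check described above (confirming that no `%`-prefixed sub-primitive is used in a body of code), as an added example that is not part of the original text. It assumes Common Lisp reader syntax, and the symbol names in `SAMPLE` are constructed for illustration.

```python
import re

# One lexical item of Lisp source; only the "sym" group is inspected.
TOKEN = re.compile(r'''
    ;[^\n]*                                       # line comment
  | "(?:\\.|[^"\\])*"                             # string literal
  | \#\\.[^\s()'"`,;]*                            # character literal (percent, Space, ...)
  | ,[@.]?                                        # unquote and splice prefixes
  | (?P<sym>(?:\\.|\|[^|]*\||[^\s()'"`,;|\\])+)   # symbol, incl. escaped and bar-quoted forms
''', re.X | re.S)

def find_subprimitives(src):
    """Return [(line, symbol)] for each symbol whose name starts with %."""
    hits, i, depth = [], 0, 0
    while i < len(src):
        if src.startswith("#|", i):            # block comments nest
            depth, i = depth + 1, i + 2
        elif depth:                            # inside a block comment
            closing = src.startswith("|#", i)
            depth, i = depth - closing, i + 1 + closing
        else:
            m = TOKEN.match(src, i)
            if m is None:                      # whitespace, parens, quote marks
                i += 1
                continue
            if m["sym"]:
                # Undo reader escapes so |%foo| and \%foo are seen as %foo.
                name = re.sub(r"\\(.)|\|", r"\1", m["sym"], flags=re.S)
                # Drop any package prefix before testing the name itself.
                if name.rpartition(":")[2].startswith("%"):
                    hits.append((src.count("\n", 0, i) + 1, name))
            i = m.end()
    return hits

# Constructed sample source; the %-names are invented for this example.
SAMPLE = r'''(defun safe-ref (v i) (aref v i))        ; bounds-checked, no % here
(defun poke (a x) (sys:%store-word a x)) ; package-qualified sub-primitive
#| (%disabled-call) #| nested |# still a comment |#
(format t "100%done ~a" #\%)
(funcall #'|%Hidden-Call| `(,@%args))
'''

if __name__ == "__main__":
    for line, sym in find_subprimitives(SAMPLE):
        print(f"line {line}: {sym}")
```

A scan like this covers source text only; symbols whose names are assembled at run time would have to be checked in the loaded system instead.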