2025-09-06 12:27:01
Released KC3 securelevel reducing code loading and evaluation permissions into production servers
Today I released the master branch of KC3 to production servers (v0.1.16-git).
It includes a new feature: a securelevel, which is a per-process static variable that can only be increased. The level indicates whether code loading is blocked or allowed.
The rules of KC3.securelevel are:
- Any level inherits blocking features from lower levels
- Level 0 → all features enabled, default at boot time.
- Level 1 → dlopen and cfn definitions are disabled, so no new C functions can be called.
- Level 2 → fn and def are disabled. No new code can be defined. Environment facts database becomes read-only.
- Level 3 → all eval_ functions are disabled, no KC3 code can run. C code only.
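The rules above can be modelled as a raise-only level plus a per-feature blocking threshold. The following C sketch is an added example, not KC3's source: every identifier in it (`securelevel_raise`, `securelevel_allows`, the `F_*` feature names) is hypothetical, and it assumes that trying to lower the level is rejected with an error return.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names: this models the listed rules, it is not KC3's API. */
enum feature { F_DLOPEN, F_CFN, F_FN, F_DEF, F_FACTS_WRITE, F_EVAL, F_COUNT };

/* Lowest securelevel at which each feature becomes blocked. */
static const unsigned char blocked_from[F_COUNT] = {
  [F_DLOPEN] = 1, [F_CFN] = 1,
  [F_FN] = 2, [F_DEF] = 2, [F_FACTS_WRITE] = 2,
  [F_EVAL] = 3
};

#define SECURELEVEL_MAX 3

/* Per-process static state: level 0 at boot, everything enabled. */
static unsigned char g_securelevel = 0;

unsigned char securelevel_get(void) { return g_securelevel; }

/* Raise-only setter: lowering or an out-of-range level leaves state as is. */
bool securelevel_raise(unsigned char level)
{
  if (level > SECURELEVEL_MAX || level < g_securelevel)
    return false;
  g_securelevel = level;
  return true;
}

/* A feature is allowed only below its blocking level, so each level
   inherits the blocks of the lower ones. Unknown features fail closed. */
bool securelevel_allows(enum feature f)
{
  if ((unsigned) f >= F_COUNT)
    return false;
  return g_securelevel < blocked_from[f];
}

int main(void)
{
  securelevel_raise(2);
  printf("level=%u def=%d eval=%d lower_ok=%d\n",
         securelevel_get(), securelevel_allows(F_DEF),
         securelevel_allows(F_EVAL), securelevel_raise(1));
  return 0;
}
```

Keeping the check as a single comparison against a threshold table means a new gated feature needs only one table entry, and there is no code path that can re-enable a feature once the level has passed its threshold.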
Now I'm thinking of adding a Level 4 that would prevent C code execution but that would just call abort() :D
See you next time, space cowboy!