[Pharo-dev] Security in the image

Ben Coman btc at openinworld.com
Sun Apr 23 13:36:46 EDT 2017


On Sun, Apr 23, 2017 at 8:33 PM, phil at highoctane.be <phil at highoctane.be> wrote:
> But what makes Pharo nice is also that there are no such limitations.
>
> There are security things in Pharo, like disabling socket access etc.
> Maybe putting the VM in a true sandbox would be more adequate.
> That can be done in a lot of ways at the OS level. Think containers.
>
> Phil

But that doesn't help us take over the world with *everyone* working
within the Giant-Single-Galactic-Image.    mhahHaHaHAhaaaaa....
cheers -ben

>
> On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito
> <guillermopolito at gmail.com> wrote:
>>
>> Generally speaking, and from my understanding, you will not be able to do:
>>
>> SomeClass compile: 'initialize
>>      MyEvilHack dostuff.
>>      ^ super initialize '
>>
>> in Newspeak.
>>
>> And that's because you are not able to do:
>>
>> SomeClass compile: '...'
>>
>> Newspeak uses object capabilities, and following those principles, you
>> will only be able to compile and install code in a class, if somebody gives
>> you a capability to do so.
>>
>> Then, the problem is that right now Pharo's reflective API is convoluted
>> with the base API, and thus from any piece of code you can do e.g.,:
>>
>> anyObject superclass superclass allSubclasses...
>>
>> A possible solution to this is to separate the reflective API from the
>> base API.
>>
>> On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <btc at openinworld.com> wrote:
>>>
>>> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <dionisiydk at gmail.com>
>>> wrote:
>>> >
>>> > 2017-04-12 18:32 GMT+02:00 Ben Coman <btc at openinworld.com>:
>>> >>
>>> >> If you want hostile actors working directly within the Image with a full
>>> >> environment, then Pharo is probably not suitable.  It's easy to get hold of
>>> >> global class from the Playground references and overwrite/compile any method
>>> >> in the system like this...
>>> >>
>>> >> SomeClass compile: 'initialize
>>> >>     MyEvilHack dostuff.
>>> >>     ^ super initialize '
>>> >>
>>> >> You might want to consider Newspeak, which runs on the same VM as Pharo
>>> >> and has a focus on security.
>>> >
>>> >
>>> > Interesting how they address your example?
>>>
>>> Not a direct response, but in Newspeak forum I see Gilad [1] respond
>>> to LaeMing... "Newspeak (note the capitalization) fits with your
>>> concerns around security and asynchrony, though the reality needs
>>> work. The main implementation runs on Smalltalk and as such is
>>> insecurable.  There are less complete implementations based on
>>> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM,
>>> which is probably the most compliant version."
>>>
>>> [1]
>>> https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ
>>>
>>> cheers -ben
>>>
>>
>
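
Added example (not part of the thread and not Pharo or Newspeak code): a toy Python model of the split discussed above, where instances expose only message sends and compiling into a class requires being handed a mirror object that carries that capability. The names ClassObj, make_instance, Mirror and demo are hypothetical.

```python
# Toy object model, constructed for illustration; ClassObj, make_instance and
# Mirror are hypothetical names. Python itself does not enforce this boundary
# (its introspection can reach _cls); a real system needs language/VM support.

class ClassObj:
    """Class-side state. Untrusted code is never handed one of these."""
    def __init__(self, name, superclass=None):
        self.name, self.superclass, self.methods = name, superclass, {}

def make_instance(cls):
    """Base API: the returned object can only be sent messages."""
    def send(selector, *args):
        k = cls
        while k is not None:                 # normal lookup up the superclass chain
            if selector in k.methods:
                return k.methods[selector](send, *args)
            k = k.superclass
        raise AttributeError(f"doesNotUnderstand: {selector}")
    return send

class Mirror:
    """Reflective API for one class; holding it is the capability. No hierarchy accessors."""
    def __init__(self, cls, can_compile):
        self._cls, self._can_compile = cls, can_compile
    def selectors(self):
        return sorted(self._cls.methods)
    def compile(self, selector, fn):
        if not self._can_compile:
            raise PermissionError("mirror lacks the compile capability")
        self._cls.methods[selector] = fn
    def read_only(self):
        """Attenuate: derive a weaker capability to pass to less-trusted code."""
        return Mirror(self._cls, can_compile=False)

def demo():
    account = ClassObj("Account", ClassObj("Object"))
    account.methods["initialize"] = lambda self: "clean"
    acct = make_instance(account)
    full = Mirror(account, can_compile=True)   # kept by trusted code
    weak = full.read_only()                    # what a plugin would receive
    seen = [acct("initialize")]
    try:
        weak.compile("initialize", lambda self: "patched")
    except PermissionError:
        seen.append("denied")
    seen.append(acct("initialize"))
    full.compile("initialize", lambda self: "patched")
    seen.append(acct("initialize"))
    return seen
```

demo() returns the observed behaviour in order: the original method, the refused compile through the read-only mirror, the unchanged method, and the method after a compile through the full mirror.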
