[Pharo-dev] Security in the image

phil at highoctane.be phil at highoctane.be
Sun Apr 23 08:33:12 EDT 2017


But what makes Pharo nice is also that there are no such limitations.

There are security things in Pharo, like disabling socket acces etc.
Maybe putting the VM in a true sandbox would be more adequate.
That can be done in a lot of ways at the OS level. Think containers.

Phil

On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito <guillermopolito at gmail.com
> wrote:

> Generally speaking, and from my understanding, you will not be able to do:
>
> SomeClass compile: 'initialize
>      MyEvilHack dostuff.
>      ^ super initialize '
>
> In newspeak.
>
> And that's because you are not able to do:
>
> SomeClass compile: '...'
>
> Newspeak uses object capabilities, and following those principles, you
> will only be able to compile and install code in a class, if somebody gives
> you a capability to do so.
>
> Then, the problem is that right now Pharo's reflective API is convoluted
> with the base API, and thus from any piece of code you can do e.g.,:
>
> anyObject superclass superclass allSubclasses...
>
> A possible solution to this is to separate the reflective API from the
> base API.
>
> On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <btc at openinworld.com> wrote:
>
>> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <dionisiydk at gmail.com>
>> wrote:
>> >
>> > 2017-04-12 18:32 GMT+02:00 Ben Coman <btc at openinworld.com>:
>> >>
>> >> If you want hostile actors working directly within the Image with a
>> full
>> >> environment, then Pharo is probably not suitable.  Its easy to get
>> hold of
>> >> global class from the Playground references and overwrite/compile any
>> method
>> >> in the system like this...
>> >>
>> >> SomeClass compile: 'initialize
>> >>     MyEvilHack dostuff.
>> >>     ^ super initialize '
>> >>
>> >> You might want to consider Newspeak, which runs on the same VM as Pharo
>> >> and has a focus on security.
>> >
>> >
>> > Interesting how they address your example?
>>
>> Not a direct response, but in Newspeak forum I see Gliad [1] respond
>> to LaeMing... "Newspeak (note the capitalization) fits with your
>> concerns around security and asynchrony, though the reality needs
>> work. The main implementation runs on Smalltalk and as such is
>> insecurable.  There are less complete implementations based on
>> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM,
>> which is probably the most compliant version."
>>
>> [1] https://groups.google.com/forum/#!searchin/newspeaklanguage/
>> laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ
>>
>> cheers -ben
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pharo.org/pipermail/pharo-dev_lists.pharo.org/attachments/20170423/fb64d31c/attachment-0002.html>


More information about the Pharo-dev mailing list