Force headless mode


Force headless mode

CyrilFerlicot
Hi,

At Synectique we are working on the deployment of a web application
and we would like to force the headless mode. We tried to just
override the method SmalltalkImage>>#isHeadless to return true all the
time but it is not enough because the image is still opened. It is
probably the VM that opens the window.

I know we can add some arguments to the command line to open the image
as headless but we want to forbid the user to launch the image without
headless to protect the code.

Is this possible? Do you have some pointers?

Thanks in advance.

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France


Re: Force headless mode

demarey
Hi

What about deploying a minimal image without UI?
But, as you probably know, headless mode does not prevent dumping the code.

Christophe
----- Cyril Ferlicot <[hidden email]> wrote:

> Hi,
>
> At Synectique we are working on the deployment of a web application
> and we would like to force the headless mode. We tried to just
> override the method SmalltalkImage>>#isHeadless to return true all the
> time but it is not enough because the image is still opened. It is
> probably the VM that opens the window.
>
> I know we can add some arguments to the command line to open the image
> as headless but we want to forbid the user to launch the image without
> headless to protect the code.
>
> Is this possible? Do you have some pointers?
>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
>



Re: Force headless mode

Clément Béra
In reply to this post by CyrilFerlicot
Or write a script that obfuscates the code. Not so hard to do.

On Tue, Sep 26, 2017 at 5:13 PM, Christophe Demarey <[hidden email]> wrote:
Hi

What about deploying a minimal image without UI?
But, as you probably know, headless mode does not prevent dumping the code.

Christophe
----- Cyril Ferlicot <[hidden email]> wrote:
> Hi,
>
> At Synectique we are working on the deployment of a web application
> and we would like to force the headless mode. We tried to just
> override the method SmalltalkImage>>#isHeadless to return true all the
> time but it is not enough because the image is still opened. It is
> probably the VM that opens the window.
>
> I know we can add some arguments to the command line to open the image
> as headless but we want to forbid the user to launch the image without
> headless to protect the code.
>
> Is this possible? Do you have some pointers?
>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
>




Re: Force headless mode

CyrilFerlicot
In reply to this post by CyrilFerlicot
On Tue, Sep 26, 2017 at 5:13 PM, Christophe Demarey
<[hidden email]> wrote:
> Hi
>
> What about deploying a minimal image without UI?
> But, as you probably know, headless mode does not prevent dumping the code.
>

I just tried to build our tools on a minimal image but it crashes when
trying to load a GitHub project. I now added a piece of code to
update Metacello to a newer version but it just does nothing without any
log.

I know there is still some way to get the code but this is the first
step to build a real delivery image.

> Christophe
>



--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France


Re: Force headless mode

EstebanLM
In reply to this post by CyrilFerlicot

> On 26 Sep 2017, at 16:49, Cyril Ferlicot <[hidden email]> wrote:
>
> Hi,
>
> At Synectique we are working on the deployment of a web application
> and we would like to force the headless mode. We tried to just
> override the method SmalltalkImage>>#isHeadless to return true all the
> time but it is not enough because the image is still opened. It is
> probably the VM that opens the window.
>
> I know we can add some arguments to the command line to open the image
> as headless but we want to forbid the user to launch the image without
> headless to protect the code.
>
> Is this possible? Do you have some pointers?

It is not.
Especially on Windows.

The VM handles the creation of the host window and you will always have one.

now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)

Esteban

>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
>



Re: Force headless mode

CyrilFerlicot
On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]> wrote:
>
>
> It is not.
> Especially on Windows.
>
> The VM handles the creation of the host window and you will always have one.
>
> now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)
>

I don't think we can wait for Pharo 7 before doing this task. But I can
still try it when you're done.

With this, will it be possible to totally disable the non headless
mode in production?

> Esteban
>
>
>



--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France


Re: Force headless mode

Sven Van Caekenberghe-2

> On 26 Sep 2017, at 18:06, Cyril Ferlicot <[hidden email]> wrote:
>
> On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]> wrote:
>>
>>
>> It is not.
>> Especially on Windows.
>>
>> The VM handles the creation of the host window and you will always have one.
>>
>> now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)
>>
>
> I don't think we can wait for Pharo 7 before doing this task. But I can
> still try it when you're done.
>
> With this, will it be possible to totally disable the non headless
> mode in production?

Why not do as follows:

(1) add some startup code inside the image that tests if the image is running headless, if not exit
(2) remove some of the command line handlers (especially the ones that execute or load code)

Problem is that you will lock yourself out as well ;-)

>> Esteban
>>
>>
>>
>
>
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
>
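
Steps (1) and (2) from the message above, sketched as a Playground script for the build image. This is an added example, not code posted by anyone in the thread; the class name HeadlessGuard, the package name and the two handler class names are assumptions about a stock Pharo 6 image.

```smalltalk
"Evaluate in a Playground of the build image, then save the delivery image.
 HeadlessGuard and 'Deployment-Hardening' are hypothetical names."
Object subclass: #HeadlessGuard
	instanceVariableNames: ''
	classVariableNames: ''
	package: 'Deployment-Hardening'.

"Step (1): on every image boot, quit unless the VM was started headless.
 The class is looked up by name because it does not exist yet when this
 script is compiled."
(Smalltalk at: #HeadlessGuard) class
	compile: 'startUp: resuming
	"resuming is true when the image is booting, false after a plain save."
	(resuming and: [ Smalltalk isHeadless not ])
		ifTrue: [ Smalltalk exit: 1 ]'
	classified: 'system startup'.

"Register the guard so that the session manager calls startUp: at each launch."
SessionManager default registerUserClassNamed: #HeadlessGuard.

"Step (2): remove command line handlers that evaluate or load code.
 The names below are assumptions; handlers that are absent are skipped."
#(#EvaluateCommandLineHandler #STCommandLineHandler) do: [ :name |
	Smalltalk globals
		at: name
		ifPresent: [ :handler | handler removeFromSystem ] ].
```

Apply this to a copy of the image and keep the unguarded build image aside, since the guarded one can no longer be opened with a window or driven from the command line.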



Re: Force headless mode

Peter Uhnak
Out of curiosity... how does enforcing headlessness protect code? Wouldn't it be still accessible via e.g. TelePharo, or startup script override, or anything?

Peter

On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:

> On 26 Sep 2017, at 18:06, Cyril Ferlicot <[hidden email]> wrote:
>
> On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]> wrote:
>>
>>
>> It is not.
>> Especially on Windows.
>>
>> The VM handles the creation of the host window and you will always have one.
>>
>> now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)
>>
>
> I don't think we can wait for Pharo 7 before doing this task. But I can
> still try it when you're done.
>
> With this, will it be possible to totally disable the non headless
> mode in production?

Why not do as follows:

(1) add some startup code inside the image that tests if the image is running headless, if not exit
(2) remove some of the command line handlers (especially the ones that execute or load code)

Problem is that you will lock yourself out as well ;-)

>> Esteban
>>
>>
>>
>
>
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
>




Re: Force headless mode

Stephane Ducasse-3
What is important is to understand the ratio attacker vs. defense.
It is important not to be paranoid.
- against whom are you protecting yourself?
- if you do not ship source code (or if you obfuscate it)
- you can try to remove the decompiler, I do not think that people will do much.
Now again how much time and for what?

Stef

On Tue, Sep 26, 2017 at 8:03 PM, Peter Uhnák <[hidden email]> wrote:

> Out of curiosity... how does enforcing headlessness protect code? Wouldn't
> it be still accessible via e.g. TelePharo, or startup script override, or
> anything?
>
> Peter
>
> On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:
>>
>>
>> > On 26 Sep 2017, at 18:06, Cyril Ferlicot <[hidden email]>
>> > wrote:
>> >
>> > On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]>
>> > wrote:
>> >>
>> >>
>> >> It is not.
>> >> Especially on Windows.
>> >>
>> >> The VM handles the creation of the host window and you will always have one.
>> >>
>> >> now… if you wait one week, I will have ready the (experimental) real
>> >> headless VMs. In my tests, they are working fine but we will still need to
>> >> work when we want to actually start a world window… but that’s another story
>> >> ;)
>> >>
>> >
>> > I don't think we can wait for Pharo 7 before doing this task. But I can
>> > still try it when you're done.
>> >
>> > With this, will it be possible to totally disable the non headless
>> > mode in production?
>>
>> Why not do as follows:
>>
>> (1) add some startup code inside the image that tests if the image is
>> running headless, if not exit
>> (2) remove some of the command line handlers (especially the ones that
>> execute or load code)
>>
>> Problem is that you will lock yourself out as well ;-)
>>
>> >> Esteban
>> >>
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Cyril Ferlicot
>> > https://ferlicot.fr
>> >
>> > http://www.synectique.eu
>> > 2 rue Jacques Prévert 01,
>> > 59650 Villeneuve d'ascq France
>> >
>>
>>
>


Re: Force headless mode

CyrilFerlicot
In reply to this post by Sven Van Caekenberghe-2
On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:

>
>
> Why not do as follows:
>
> (1) add some startup code inside the image that tests if the image is running headless, if not exit
> (2) remove some of the command line handlers (especially the ones that execute or load code)
>
> Problem is that you will lock yourself out as well ;-)
>
>

Thank you Sven.

We used your solution (1) and it is indeed a good solution.

Solution (2) was already in our todo list :)

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France


Re: Force headless mode

CyrilFerlicot
In reply to this post by Peter Uhnak
On Tue, Sep 26, 2017 at 8:03 PM, Peter Uhnák <[hidden email]> wrote:
> Out of curiosity... how does enforcing headlessness protect code? Wouldn't
> it be still accessible via e.g. TelePharo, or startup script override, or
> anything?
>
> Peter
>
>

This is a first step. This is not all we will do but it is a step
making it hard for people who do not know Pharo to access the code.
There is no solution that would protect us at 100%, so we want a list
of solutions that are fast to implement and cover a large part of the
ways to access the code.



--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France


Re: Force headless mode

CyrilFerlicot
In reply to this post by Stephane Ducasse-3
On Wed, Sep 27, 2017 at 9:21 AM, Stephane Ducasse
<[hidden email]> wrote:
> What is important is to understand the ratio attacker vs. defense.
> It is important not to be paranoid.
> - against whom are you protecting yourself?
> - if you do not ship source code (or if you obfuscate it)
> - you can try to remove the decompiler, I do not think that people will do much.
> Now again how much time and for what?
>
> Stef
>

We are taking this into consideration.

We have several solutions and we will implement the one with the best
implementation time/protection ratio.

Thank you for the pointers.

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France