Hi,
At Synectique we are working on the deployment of a web application and we would like to force the headless mode. We tried to just override the method SmalltalkImage>>#isHeadless to return true all the time but it is not enough because the image is still opened. It is probably the VM that opens the window.

I know we can add some arguments to the command line to open the image as headless but we want to forbid the user to launch the image without headless to protect the code.

Is this possible? Do you have some pointers?

Thanks in advance.

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France
Hi
What about deploying a minimal image without UI?
But, as you probably know, headless mode does not prevent dumping the code.

Christophe

----- Cyril Ferlicot <[hidden email]> wrote:
> Hi,
>
> At Synectique we are working on the deployment of a web application
> and we would like to force the headless mode. We tried to just
> override the method SmalltalkImage>>#isHeadless to return true all the
> time but it is not enough because the image is still opened. It is
> probably the VM that opens the window.
>
> I know we can add some arguments to the command line to open the image
> as headless but we want to forbid the user to launch the image without
> headless to protect the code.
>
> Is this possible? Do you have some pointers?
>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
In reply to this post by CyrilFerlicot
Or write a script that obfuscates the code. Not so hard to do.

On Tue, Sep 26, 2017 at 5:13 PM, Christophe Demarey <[hidden email]> wrote:
> Hi
In reply to this post by CyrilFerlicot
On Tue, Sep 26, 2017 at 5:13 PM, Christophe Demarey <[hidden email]> wrote:
> Hi
>
> What about deploying a minimal image without UI?
> But, as you probably know, headless mode does not prevent dumping the code.
>

I just tried to build our tools on a minimal image but it crashes when trying to load a GitHub project. I now added a piece of code to update Metacello to a newer version but it just does nothing, without any log.

I know there is still some way to get the code but this is the first step to build a real delivery image.

> Christophe
>

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France
In reply to this post by CyrilFerlicot
> On 26 Sep 2017, at 16:49, Cyril Ferlicot <[hidden email]> wrote:
>
> Hi,
>
> At Synectique we are working on the deployment of a web application
> and we would like to force the headless mode. We tried to just
> override the method SmalltalkImage>>#isHeadless to return true all the
> time but it is not enough because the image is still opened. It is
> probably the VM that opens the window.
>
> I know we can add some arguments to the command line to open the image
> as headless but we want to forbid the user to launch the image without
> headless to protect the code.
>
> Is this possible? Do you have some pointers?

it is not.
specially on windows.

vm handles the creation of host window and you will always have one.

now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)

Esteban

>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]> wrote:
> it is not.
> specially on windows.
>
> vm handles the creation of host window and you will always have one.
>
> now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)
>

I don't think we can wait for Pharo 7 before doing this task. But I can still try it when you're done.

With this, will it be possible to totally disable the non headless mode in production?

> Esteban
>

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France
> On 26 Sep 2017, at 18:06, Cyril Ferlicot <[hidden email]> wrote:
>
> On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]> wrote:
>>
>> it is not.
>> specially on windows.
>>
>> vm handles the creation of host window and you will always have one.
>>
>> now… if you wait one week, I will have ready the (experimental) real headless VMs. In my tests, they are working fine but we will still need to work when we want to actually start a world window… but that’s another story ;)
>>
>
> I don't think we can wait for Pharo 7 before doing this task. But I can
> still try it when you're done.
>
> With this, will it be possible to totally disable the non headless
> mode in production?

Why not do as follows:

(1) add some startup code inside the image that tests if the image is running headless, if not exit
(2) remove some of the command line handlers (especially the ones that execute or load code)

Problem is that you will lock yourself out as well ;-)

>> Esteban
>>
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>
> http://www.synectique.eu
> 2 rue Jacques Prévert 01,
> 59650 Villeneuve d'ascq France
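
The two steps suggested above, sketched as an added example that is not part of the thread or anyone's posted code. `HeadlessGuard` and the package name are hypothetical; the sketch assumes a Pharo version that has `SessionManager` and still ships the stock `eval` and `st` command line handlers under the class names shown.

```smalltalk
"Added example. HeadlessGuard and 'Deployment-Hardening' are hypothetical names."
Object subclass: #HeadlessGuard
	instanceVariableNames: ''
	classVariableNames: ''
	package: 'Deployment-Hardening'.

HeadlessGuard class >> startUp: isImageStarting
	"Step (1): called by SessionManager on every image start.
	Quit without saving when the image was not launched headless."
	isImageStarting ifFalse: [ ^ self ].
	Smalltalk isHeadless
		ifFalse: [ Smalltalk snapshot: false andQuit: true ]

HeadlessGuard class >> install
	"Run once from the build script, then save the result as the delivery image.
	Keep the development image unhardened: this is the lock-out mentioned above."
	SessionManager default registerUserClassNamed: self name.
	self removeCodeLoadingHandlers

HeadlessGuard class >> removeCodeLoadingHandlers
	"Step (2): remove handlers that execute or load code from the command line.
	The class names are assumptions about the image; absent ones are skipped.
	EvaluateCommandLineHandler is listed first in case it subclasses the other."
	#(#EvaluateCommandLineHandler #STCommandLineHandler) do: [ :each |
		Smalltalk globals
			at: each
			ifPresent: [ :handler | handler removeFromSystem ] ]
```

The guard runs inside the image, so it only stops a plain non-headless launch; the other access paths raised later in the thread are not covered by it.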
Out of curiosity... how does enforcing headlessness protect code? Wouldn't it be still accessible via e.g. TelePharo, or startup script override, or anything?

Peter

On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:
What is important is to understand the ratio attacker vs. defense.
It is important not to be paranoid.
- against who are you protecting yourself?
- if you do not ship source code (or if you obfuscate it)
- you can try to remove the decompiler I do not think that people will do much.
Now again how much time and for what?

Stef

On Tue, Sep 26, 2017 at 8:03 PM, Peter Uhnák <[hidden email]> wrote:
> Out of curiosity... how does enforcing headlessness protect code? Wouldn't
> it be still accessible via e.g. TelePharo, or startup script override, or
> anything?
>
> Peter
>
> On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:
>>
>> > On 26 Sep 2017, at 18:06, Cyril Ferlicot <[hidden email]>
>> > wrote:
>> >
>> > On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <[hidden email]>
>> > wrote:
>> >>
>> >> it is not.
>> >> specially on windows.
>> >>
>> >> vm handles the creation of host window and you will always have one.
>> >>
>> >> now… if you wait one week, I will have ready the (experimental) real
>> >> headless VMs. In my tests, they are working fine but we will still need to
>> >> work when we want to actually start a world window… but that’s another story
>> >> ;)
>> >>
>> >
>> > I don't think we can wait for Pharo 7 before doing this task. But I can
>> > still try it when you're done.
>> >
>> > With this, will it be possible to totally disable the non headless
>> > mode in production?
>>
>> Why not do as follows:
>>
>> (1) add some startup code inside the image that tests if the image is
>> running headless, if not exit
>> (2) remove some of the command line handlers (especially the ones that
>> execute or load code)
>>
>> Problem is that you will lock yourself out as well ;-)
>>
>> >> Esteban
>> >>
>> >
>> > --
>> > Cyril Ferlicot
>> > https://ferlicot.fr
>> >
>> > http://www.synectique.eu
>> > 2 rue Jacques Prévert 01,
>> > 59650 Villeneuve d'ascq France
>> >
>>
>
In reply to this post by Sven Van Caekenberghe-2
On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <[hidden email]> wrote:
> Why not do as follows:
>
> (1) add some startup code inside the image that tests if the image is running headless, if not exit
> (2) remove some of the command line handlers (especially the ones that execute or load code)
>
> Problem is that you will lock yourself out as well ;-)
>

Thank you Sven. We used your solution (1) and it is indeed a good solution. Solution (2) was already in our todo list :)

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France
In reply to this post by Peter Uhnak
On Tue, Sep 26, 2017 at 8:03 PM, Peter Uhnák <[hidden email]> wrote:
> Out of curiosity... how does enforcing headlessness protect code? Wouldn't
> it be still accessible via e.g. TelePharo, or startup script override, or
> anything?
>
> Peter
>

This is a first step. This is not all we will do but it is a step making it hard for people who do not know Pharo to access the code.

There is no solution that would protect us at 100%, so we want a list of solutions that are fast to implement and cover a large part of the ways to access the code.

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France
In reply to this post by Stephane Ducasse-3
On Wed, Sep 27, 2017 at 9:21 AM, Stephane Ducasse <[hidden email]> wrote:
> What is important is to understand the ratio attacker vs. defense.
> It is important not to be paranoid.
> - against who are you protecting yourself?
> - if you do not ship source code (or if you obfuscate it)
> - you can try to remove the decompiler I do not think that people will do much.
> Now again how much time and for what?
>
> Stef
>

We are taking this into consideration. We have several solutions and we will implement the one with the best implementation time/protection ratio.

Thank you for the pointers.

--
Cyril Ferlicot
https://ferlicot.fr

http://www.synectique.eu
2 rue Jacques Prévert 01,
59650 Villeneuve d'ascq France