Hi, I am fishing about for an environment to try to develop a simple virtual world system in (yes, I'm aware of Croquet/Cobalt!).
In a Smalltalk-like environment, that might conceivably involve inviting multiple people into the 'image' where the world is hosted to interact with objects within it (if I was to use a Smalltalk, I would want it to interleave the entire system, not just host it on top). What sort of security implications might that have and are there any current solutions to a multi-user single-image situation? |
On 12/04/17 09:34, LaeMing wrote:
> What sort of security implications might that have and are there any current
> solutions to a multi-user single-image situation?

Take a look at gemstone.
https://www.youtube.com/user/JamesGFoster/videos

Starting at
https://www.youtube.com/watch?v=U0z5TddqyQI
James made a really good series of videos

Stephan
|
In reply to this post by LaeMing
On Wed, Apr 12, 2017 at 3:34 PM, LaeMing <[hidden email]> wrote:
> Hi, I am fishing about for an environment to try to develop a simple virtual

If you want hostile actors working directly within the Image with a full environment, then Pharo is probably not suitable. It's easy to get hold of global class from the Playground references and overwrite/compile any method in the system like this...

    SomeClass compile: 'initialize
        MyEvilHack dostuff.
        ^ super initialize '

You might want to consider Newspeak, which runs on the same VM as Pharo and has a focus on security.

cheers -ben
|
In reply to this post by Stephan Eggermont-3
Thanks, Stephan. Gem looks rather good, but I need an OSS licensed environment. |
In reply to this post by Ben Coman
Thanks, Ben. I am looking into Newspeak now. I am rather impressed so far! |
In reply to this post by Ben Coman
2017-04-12 18:32 GMT+02:00 Ben Coman <[hidden email]>:
Interesting how they address your example? |
In reply to this post by LaeMing
Can you elaborate on that? GemStone/S has a free, even for commercial use, license. Are you planning on modifying the VM or the base product code? |
In reply to this post by Denis Kudriashov
On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[hidden email]> wrote:
>
> 2017-04-12 18:32 GMT+02:00 Ben Coman <[hidden email]>:
>>
>> If you want hostile actors working directly within the Image with a full
>> environment, then Pharo is probably not suitable. It's easy to get hold of
>> global class from the Playground references and overwrite/compile any method
>> in the system like this...
>>
>> SomeClass compile: 'initialize
>> MyEvilHack dostuff.
>> ^ super initialize '
>>
>> You might want to consider Newspeak, which runs on the same VM as Pharo
>> and has a focus on security.
>
>
> Interesting how they address your example?

Not a direct response, but in Newspeak forum I see Gilad [1] respond to LaeMing...

"Newspeak (note the capitalization) fits with your concerns around security and asynchrony, though the reality needs work. The main implementation runs on Smalltalk and as such is insecurable. There are less complete implementations based on compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM, which is probably the most compliant version."

[1] https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ

cheers -ben
|
Generally speaking, and from my understanding, you will not be able to do:

    SomeClass compile: 'initialize
        MyEvilHack dostuff.
        ^ super initialize '

In newspeak.

And that's because you are not able to do:

    SomeClass compile: '...'

Newspeak uses object capabilities, and following those principles, you will only be able to compile and install code in a class, if somebody gives you a capability to do so.

Then, the problem is that right now Pharo's reflective API is convoluted with the base API, and thus from any piece of code you can do e.g.,:

    anyObject superclass superclass allSubclasses...

A possible solution to this is to separate the reflective API from the base API.

On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <[hidden email]> wrote:
On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[hidden email]> wrote:
|
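The capability discipline described in the post above, as an added sketch in Python (not code from the thread, and not Pharo or Newspeak code): objects expose only a base API, and installing a method requires a mirror object that someone has to hand over. The names `WorldObject` and `Mirror` are hypothetical, and Python, like Pharo, does not stop code from reaching `_methods` directly, so this shows the shape of the API split rather than an enforced boundary.

```python
# Toy model, constructed for illustration: objects expose a base API (send);
# installing a method requires holding a Mirror, handed over explicitly.

class WorldObject:
    """Something a visitor interacts with. Base API only: no compile/install."""
    def __init__(self, name):
        self.name = name
        self._methods = {}                      # selector -> callable

    def send(self, selector, *args):
        return self._methods[selector](*args)


class Mirror:
    """Capability to install methods on one object; can be narrowed and revoked."""
    def __init__(self, target, allowed=None, parent=None):
        self._target, self._allowed, self._parent = target, allowed, parent
        self._revoked = False

    def install(self, selector, fn):
        if self._revoked:
            raise PermissionError("capability revoked")
        if self._allowed is not None and selector not in self._allowed:
            raise PermissionError(f"no authority over {selector!r}")
        if self._parent is not None:
            self._parent.install(selector, fn)  # parent's limits apply as well
        else:
            self._target._methods[selector] = fn

    def restricted_to(self, *selectors):
        """Derive a weaker capability covering only the given selectors."""
        return Mirror(self._target, frozenset(selectors), parent=self)

    def revoke(self):
        self._revoked = True


def demo():
    door = WorldObject("door")
    host = Mirror(door)                         # full authority, kept by the host
    host.install("open", lambda: "door opens")
    guest = host.restricted_to("describe")      # what a visitor is handed
    guest.install("describe", lambda: "a red door")
    outcome = []
    for selector in ("open", "describe"):       # second attempt follows a revoke
        try:
            guest.install(selector, lambda: "replaced by guest")
            outcome.append("installed")
        except PermissionError as err:
            outcome.append(str(err))
        guest.revoke()
    return door.send("open"), door.send("describe"), outcome
```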
But what makes Pharo nice is also that there are no such limitations.

There are security things in Pharo, like disabling socket access etc.
Maybe putting the VM in a true sandbox would be more adequate.
That can be done in a lot of ways at the OS level. Think containers.

Phil

On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito <[hidden email]> wrote:
|
On Sun, Apr 23, 2017 at 8:33 PM, [hidden email] <[hidden email]> wrote:
> But what makes Pharo nice is also that there are no such limitations.
>
> There are security things in Pharo, like disabling socket access etc.
> Maybe putting the VM in a true sandbox would be more adequate.
> That can be done in a lot of ways at the OS level. Think containers.
>
> Phil

But that doesn't help us take over the world with *everyone* working within the Giant-Single-Galactic-Image. mhahHaHaHAhaaaaa....

cheers -ben

>
> On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito
> <[hidden email]> wrote:
>>
>> Generally speaking, and from my understanding, you will not be able to do:
>>
>> SomeClass compile: 'initialize
>> MyEvilHack dostuff.
>> ^ super initialize '
>>
>> In newspeak.
>>
>> And that's because you are not able to do:
>>
>> SomeClass compile: '...'
>>
>> Newspeak uses object capabilities, and following those principles, you
>> will only be able to compile and install code in a class, if somebody gives
>> you a capability to do so.
>>
>> Then, the problem is that right now Pharo's reflective API is convoluted
>> with the base API, and thus from any piece of code you can do e.g.,:
>>
>> anyObject superclass superclass allSubclasses...
>>
>> A possible solution to this is to separate the reflective API from the
>> base API.
>>
>> On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <[hidden email]> wrote:
>>>
>>> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[hidden email]>
>>> wrote:
>>> >
>>> > 2017-04-12 18:32 GMT+02:00 Ben Coman <[hidden email]>:
>>> >>
>>> >> If you want hostile actors working directly within the Image with a
>>> >> full
>>> >> environment, then Pharo is probably not suitable. It's easy to get
>>> >> hold of
>>> >> global class from the Playground references and overwrite/compile any
>>> >> method
>>> >> in the system like this...
>>> >>
>>> >> SomeClass compile: 'initialize
>>> >> MyEvilHack dostuff.
>>> >> ^ super initialize '
>>> >>
>>> >> You might want to consider Newspeak, which runs on the same VM as
>>> >> Pharo
>>> >> and has a focus on security.
>>> >
>>> >
>>> > Interesting how they address your example?
>>>
>>> Not a direct response, but in Newspeak forum I see Gilad [1] respond
>>> to LaeMing... "Newspeak (note the capitalization) fits with your
>>> concerns around security and asynchrony, though the reality needs
>>> work. The main implementation runs on Smalltalk and as such is
>>> insecurable. There are less complete implementations based on
>>> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM,
>>> which is probably the most compliant version."
>>>
>>> [1]
>>> https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ
>>>
>>> cheers -ben
>>>
>>
>
|
I was thinking of using Denis's remote thing with an XMPP XEP so that we could IM our way into an image. That would be message passing. Coupled with a file transfer feature, well, could become interesting (and wild).

That's

On Sun, Apr 23, 2017 at 7:36 PM, Ben Coman <[hidden email]> wrote:
On Sun, Apr 23, 2017 at 8:33 PM, [hidden email] <[hidden email]> wrote:
|
In reply to this post by Guillermo Polito
I was reading some Smalltalk/X documentation http://live.exept.de/doc/online/english/programming/doingThingsInST.html and found this that could be useful:
On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito <[hidden email]> wrote:
|