[squeak-dev] Re: Another FFI/Installer issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[squeak-dev] Re: Another FFI/Installer issue

Torsten Bergmann
Hi,

>Maybe is time to re-think about who should be in the Release Team ?

No - if this problem continues to appear on the list we just need to fix the problem/images
(not the release team itself)  ;)

>Maybe nobody cared to rebuild new images with the fix?
>>Its not that "no body cared". Thats a little harsh... since ...

My posting today was not intended to criticize Edgars work or the Release Team.
Maybe the intention get's clearer with some background info:

I tested 3.10 on a regular basis and I contacted Andreas in March after having the FFI
problem and reported to the squeak-dev list [1] together with a mantis report [2].
After Andreas reported a fix [3] on the squeak list I also added his fix to Mantis.

After a while I tried a newer image for 3.10 (Squeak3.10.1-7175-basic.zip) and since the problem
was still there I now reported to the official V3dot10 list [4] in May - with the result that the fix
is now at least in the preliminary 3.11 (posting from Keith [5]).

AFAIK it's not fixed in the "Squeak3.10.2-7179-basic.zip" which is the latest
downloadable 3.10 version and linked from the squeak.org webpage. I dont "care about" the
reason and havent followed the issue since my own build scripts easily apply the fix.

Maybe the fix in 6980 just slipped through, the fix is to unstable or maybe there is no general interest
or to much work in rebuilding the 3.10 image for this particular issue or most people know how to apply
fixes from Mantis, maybe people still use 3.9 - I dont really know , I can just guess.

What I know is that I got no answer on the V3dot10 list regarding the issue to be fixed for the
current 3.10 Squeak image. So my impression was and still is that nobody cared/or has an interest
on having a newer 3.10 image built to solve this issue there. Maybe having it in a 3.11 script is good
enough and a new 3.10 image is not necessary. But since I dont really know I've put a question
mark on the statement! Nothing more said.

>all "should" be well.

Maybe, but that depends. I still think that it's hard for beginners starting with 3.10
(or Squeakers who do not regulary scan Mantis/dev list or know about Installer)
to be faced with a problematic image after loading FFI...

Bye
Torsten

[1] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127207.html
[2] http://bugs.squeak.org/view.php?id=6980
[3] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127208.html
[4] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001116.html
[5] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001112.html
--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: Another FFI/Installer issue

Igor Stasenko
2008/8/3 Torsten Bergmann <[hidden email]>:

> Hi,
>
>>Maybe is time to re-think about who should be in the Release Team ?
>
> No - if this problem continues to appear on the list we just need to fix the problem/images
> (not the release team itself)  ;)
>
>>Maybe nobody cared to rebuild new images with the fix?
>>>Its not that "no body cared". Thats a little harsh... since ...
>
> My posting today was not intended to criticize Edgars work or the Release Team.
> Maybe the intention get's clearer with some background info:
>
> I tested 3.10 on a regular basis and I contacted Andreas in March after having the FFI
> problem and reported to the squeak-dev list [1] together with a mantis report [2].
> After Andreas reported a fix [3] on the squeak list I also added his fix to Mantis.
>
> After a while I tried a newer image for 3.10 (Squeak3.10.1-7175-basic.zip) and since the problem
> was still there I now reported to the official V3dot10 list [4] in May - with the result that the fix
> is now at least in the preliminary 3.11 (posting from Keith [5]).
>
> AFAIK it's not fixed in the "Squeak3.10.2-7179-basic.zip" which is the latest
> downloadable 3.10 version and linked from the squeak.org webpage. I dont "care about" the
> reason and havent followed the issue since my own build scripts easily apply the fix.
>
> Maybe the fix in 6980 just slipped through, the fix is to unstable or maybe there is no general interest
> or to much work in rebuilding the 3.10 image for this particular issue or most people know how to apply
> fixes from Mantis, maybe people still use 3.9 - I dont really know , I can just guess.
>
> What I know is that I got no answer on the V3dot10 list regarding the issue to be fixed for the
> current 3.10 Squeak image. So my impression was and still is that nobody cared/or has an interest
> on having a newer 3.10 image built to solve this issue there. Maybe having it in a 3.11 script is good
> enough and a new 3.10 image is not necessary. But since I dont really know I've put a question
> mark on the statement! Nothing more said.
>
>>all "should" be well.
>
> Maybe, but that depends. I still think that it's hard for beginners starting with 3.10
> (or Squeakers who do not regulary scan Mantis/dev list or know about Installer)
> to be faced with a problematic image after loading FFI...
>
My 2 cents.
An FFI is 'need to have package' for my needs. Frankly, i don't
remember images which i was working with, which don't have FFI
installed.
Because of that, i have a strong bias that FFI plugin should be
included as internal plugin into VM by default (and FFI package could
still be optional, but it should be tested to be able to loaded
without problems in ANY image).
The arguments for not putting it, some people like repeating, that FFI
puts instability into image/VM seem very odd as to me. A running
Croquet is best illustration what such arguments worth.
But this is just my humble opinion.

I was expected that in 3.10.2 the issue was fixed (because couple
months passed since issue was found and then cure found).
Honestly there is nobody to blame for it (except self ;) , that it is
not included.


--
Best regards,
Igor Stasenko AKA sig.


Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: Another FFI/Installer issue

keith1y
In reply to this post by Torsten Bergmann

> Maybe, but that depends. I still think that it's hard for beginners starting with 3.10
> (or Squeakers who do not regulary scan Mantis/dev list or know about Installer)
> to be faced with a problematic image after loading FFI...
>
> Bye
> Torsten
>  
I think that we/someone is confusing things here. In one breath we ask
the release team to provide a minimal image in which as many packages as
possible are removed. In the next we complain when total beginners are
not able to build their own custom images perfectly from scratch with
one click, or must learn a command line tool.

As far as I know the intention all along has been for the base image to
get smaller, and for derived images to be built from that base image
using scripts. The process of supplying working derived images for
beginners to play with was something that members of the community would
be expected to do at their leisure. So far we have several, squeak-dev,
squeak-web and FunSqueak. "Installer" of course makes this process much
easier, and http://installer.pbwiki.com/ provides a place for publishing
such scripts.

Sure we would like to have our cake (the small image) and eat it (build
derived images with one click), but the 3.10 release team picked
Universes to perform this task rather than Installer, so 3.10 doesnt
come with an up to date Installer or instructions on how to use it.
Universes can be persuaded to work in theory, but someone needs to
actually do it. I myself preferred to put my effort into Sake/Packages
in order to replace Universes in 3.11. Matthew has been trying to ensure
that as many SqueakMap packages as possible actually load.

cheers

Keith



Reply | Threaded
Open this post in threaded view
|

[squeak-dev] Re: Another FFI/Installer issue

Andreas.Raab
In reply to this post by Igor Stasenko
Igor Stasenko wrote:
> Because of that, i have a strong bias that FFI plugin should be
> included as internal plugin into VM by default (and FFI package could
> still be optional, but it should be tested to be able to loaded
> without problems in ANY image).
> The arguments for not putting it, some people like repeating, that FFI
> puts instability into image/VM seem very odd as to me. A running
> Croquet is best illustration what such arguments worth.

It's not about stability, it's about security. Without the FFI, it is
possible to have a fairly well sand-boxed environment (see Squeakland
for example). With the FFI, this is simply impossible. That's why the
FFI isn't built-in, and likely never will be for any VMs that I release.

Cheers,
   - Andreas


Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: Another FFI/Installer issue

timrowledge
> Igor Stasenko wrote:
>> Because of that, i have a strong bias that FFI plugin should be
>> included as internal plugin into VM by default

Unless there is a serious flaw in the implementation any plugin should  
be perfectly usable as an external plugin. *No* plugin that I am  
familiar with (yes, I'm not familiar with every single one of them)  
needs to be bound internally in order to work.

In fact I'd go so far as to claim the the only reason to bind plugins  
internally is for packaging reasons relating to the platform being  
totally braindead about packages. Why is it that 20 years after RISC  
OS demonstrated that an utterly trivial packaging implementation was  
both doable and very effective and 5 years (or so) after OSX  
demonstrated that a similar (did I say copied? Not me. Though it  
probably is, since I know some folk worked on both) system worked  
rather well on unix filesystems, we still don't see it being used  
everywhere? Oh yeah - the software world has its collective head up  
its collective rectum. I forgot.

tim
--
tim Rowledge; [hidden email]; http://www.rowledge.org/tim
Useful random insult:- Settled some during shipping and handling.



Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: Another FFI/Installer issue

stephane ducasse
In reply to this post by Andreas.Raab
Hi andreas

could give some examples about the security problems FFI brings into  
play (buffer overflow? ... and issues like that?)

Stef

On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote:

> Igor Stasenko wrote:
>> Because of that, i have a strong bias that FFI plugin should be
>> included as internal plugin into VM by default (and FFI package could
>> still be optional, but it should be tested to be able to loaded
>> without problems in ANY image).
>> The arguments for not putting it, some people like repeating, that  
>> FFI
>> puts instability into image/VM seem very odd as to me. A running
>> Croquet is best illustration what such arguments worth.
>
> It's not about stability, it's about security. Without the FFI, it  
> is possible to have a fairly well sand-boxed environment (see  
> Squeakland for example). With the FFI, this is simply impossible.  
> That's why the FFI isn't built-in, and likely never will be for any  
> VMs that I release.
>
> Cheers,
>  - Andreas
>
>
>


Reply | Threaded
Open this post in threaded view
|

[squeak-dev] Re: Another FFI/Installer issue

Andreas.Raab
stephane ducasse wrote:
> could give some examples about the security problems FFI brings into
> play (buffer overflow? ... and issues like that?)

How about something like:

   Win32OS shellExecute: 'format c:'.

or, for our unix friends (who often think they are invulnerable ;-)

   UnixOS system: 'find ~/ -type f -exec rm -f {} \;'.

This should do it. Note that you can slip this in without even having
any of the FFI in the image since you can construct the necessary bits
on the fly (calling system() is particularly trivial). It's downhill
from there since there are simply too many ways in which *all* of the
operating systems are entirely unsafe.

And before anyone says "but you can do this FileDirectory as well": Yes,
you can, but only if the sandbox isn't activated. As soon as go into
sandbox mode via "SecurityManager default enterRestrictedMode" an attack
like the above will no longer work.

Cheers,
   - Andreas

>
> Stef
>
> On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote:
>
>> Igor Stasenko wrote:
>>> Because of that, i have a strong bias that FFI plugin should be
>>> included as internal plugin into VM by default (and FFI package could
>>> still be optional, but it should be tested to be able to loaded
>>> without problems in ANY image).
>>> The arguments for not putting it, some people like repeating, that FFI
>>> puts instability into image/VM seem very odd as to me. A running
>>> Croquet is best illustration what such arguments worth.
>>
>> It's not about stability, it's about security. Without the FFI, it is
>> possible to have a fairly well sand-boxed environment (see Squeakland
>> for example). With the FFI, this is simply impossible. That's why the
>> FFI isn't built-in, and likely never will be for any VMs that I release.
>>
>> Cheers,
>>  - Andreas
>>
>>
>>
>
>
>