On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[email protected]> wrote: > > 2017-04-12 18:32 GMT+02:00 Ben Coman <[email protected]>: >> >> If you want hostile actors working directly within the Image with a full >> environment, then Pharo is probably not suitable. Its easy to get hold of >> global class from the Playground references and overwrite/compile any method >> in the system like this... >> >> SomeClass compile: 'initialize >> MyEvilHack dostuff. >> ^ super initialize ' >> >> You might want to consider Newspeak, which runs on the same VM as Pharo >> and has a focus on security. > > > Interesting how they address your example?
Not a direct response, but in Newspeak forum I see Gliad [1] respond to LaeMing... "Newspeak (note the capitalization) fits with your concerns around security and asynchrony, though the reality needs work. The main implementation runs on Smalltalk and as such is insecurable. There are less complete implementations based on compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM, which is probably the most compliant version." [1] https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ cheers -ben
