Generally speaking, and from my understanding, you will not be able to do:
SomeClass compile: 'initialize
MyEvilHack dostuff.
^ super initialize '
In newspeak.
And that's because you are not able to do:
SomeClass compile: '...'
Newspeak uses object capabilities, and following those principles, you will
only be able to compile and install code in a class, if somebody gives you
a capability to do so.
Then, the problem is that right now Pharo's reflective API is convoluted
with the base API, and thus from any piece of code you can do e.g.,:
anyObject superclass superclass allSubclasses...
A possible solution to this is to separate the reflective API from the base
API.
On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <[email protected]> wrote:
> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[email protected]>
> wrote:
> >
> > 2017-04-12 18:32 GMT+02:00 Ben Coman <[email protected]>:
> >>
> >> If you want hostile actors working directly within the Image with a full
> >> environment, then Pharo is probably not suitable. Its easy to get hold
> of
> >> global class from the Playground references and overwrite/compile any
> method
> >> in the system like this...
> >>
> >> SomeClass compile: 'initialize
> >> MyEvilHack dostuff.
> >> ^ super initialize '
> >>
> >> You might want to consider Newspeak, which runs on the same VM as Pharo
> >> and has a focus on security.
> >
> >
> > Interesting how they address your example?
>
> Not a direct response, but in Newspeak forum I see Gliad [1] respond
> to LaeMing... "Newspeak (note the capitalization) fits with your
> concerns around security and asynchrony, though the reality needs
> work. The main implementation runs on Smalltalk and as such is
> insecurable. There are less complete implementations based on
> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM,
> which is probably the most compliant version."
>
> [1] https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%
> 7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ
>
> cheers -ben
>
>
