But what makes Pharo nice is also that there are no such limitations. There are security things in Pharo, like disabling socket access etc. Maybe putting the VM in a true sandbox would be more adequate. That can be done in a lot of ways at the OS level. Think containers.
Phil

On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito <[email protected]> wrote:

> Generally speaking, and from my understanding, you will not be able to do:
>
> SomeClass compile: 'initialize
> MyEvilHack dostuff.
> ^ super initialize '
>
> In newspeak.
>
> And that's because you are not able to do:
>
> SomeClass compile: '...'
>
> Newspeak uses object capabilities, and following those principles, you
> will only be able to compile and install code in a class, if somebody gives
> you a capability to do so.
>
> Then, the problem is that right now Pharo's reflective API is convoluted
> with the base API, and thus from any piece of code you can do e.g.,:
>
> anyObject superclass superclass allSubclasses...
>
> A possible solution to this is to separate the reflective API from the
> base API.
>
> On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <[email protected]> wrote:
>
>> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov <[email protected]>
>> wrote:
>> >
>> > 2017-04-12 18:32 GMT+02:00 Ben Coman <[email protected]>:
>> >>
>> >> If you want hostile actors working directly within the Image with a full
>> >> environment, then Pharo is probably not suitable. It's easy to get hold of
>> >> global class from the Playground references and overwrite/compile any method
>> >> in the system like this...
>> >>
>> >> SomeClass compile: 'initialize
>> >> MyEvilHack dostuff.
>> >> ^ super initialize '
>> >>
>> >> You might want to consider Newspeak, which runs on the same VM as Pharo
>> >> and has a focus on security.
>> >
>> >
>> > Interesting how they address your example?
>>
>> Not a direct response, but in Newspeak forum I see Gliad [1] respond
>> to LaeMing... "Newspeak (note the capitalization) fits with your
>> concerns around security and asynchrony, though the reality needs
>> work. The main implementation runs on Smalltalk and as such is
>> insecurable. There are less complete implementations based on
>> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM,
>> which is probably the most compliant version."
>>
>> [1] https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming%7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ
>>
>> cheers -ben
