2008/11/30 Michael Rueger <[EMAIL PROTECTED]>:
> Igor Stasenko wrote:
>>
>> and besides:
>> the VM is packaged with FFI as a dynamic library.
>> So, if you want extra safety - simply don't ship your application
>> with this DLL.
>>
>> But still, if you allow arbitrary code to run in your image, then what
>> prevents a script kiddie from doing the following:
>
> the sandbox does that as it prevents writing of files in "interesting"
> locations like the VM directory.
>

What if I put a .dll in a directory which is included in the search path?
There can be many indirect ways to leave something on disk and then have
the OS run it.
Not sure about Macs, but on Windows, good sandboxing would be to prevent
any file I/O. But then if you are running Seaside (or any mid-sized app),
I'm sure you will need file I/O yourself.

> I'm all for using FFI/Alien, what I really tried to make people aware of is
> that by using FFI instead of plugins certain things become more dangerous.
> For standalone and server applications not loading any code from the outside
> this is not a problem at all.
>
> By using FFI we need to be more aware though that we potentially open up a
> Squeak application to buffer overflow attacks, something that wasn't really
> possible before.
>
> So I didn't want to put any brakes on, but raise people's awareness about
> security. It's a bit like with the Mac: just because hackers haven't really
> cared about exploiting vulnerabilities doesn't mean the Mac is safe. And we
> Smalltalkers have considered ourselves to use the Mac of programming languages and
> thus feeling safe for the longest time ;-)
>

First, I should care about the safety & stability of my own deployed
application, then about possible exploits of different backends, such as
the OS or dynamic libraries.
If I leave security responsibility to the VM, then I can't guarantee the
stability of my own application, and it makes not much sense talking about
what exploits an attacker could use through the FFI interface or whatever,
because the first thing under attack is my own application and its data.
Would it make anyone happy if a hacker were able to destroy your image,
destroy your app data etc. etc., but unable to crack the operating system?

> Michael
>
>
> _______________________________________________
> Pharo-project mailing list
> [email protected]
> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project
>

--
Best regards,
Igor Stasenko AKA sig.
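The exchange above turns on one point: a sandbox that only protects the VM directory leaves every other directory on the library search path that the application's account can write to as a place where a dropped library gets picked up by the loader. The Python below is an added example, not code from this thread or from Pharo/Squeak. It audits a PATH-style search path from the point of view of the account the application runs as and reports entries that are writable, missing, or empty (an empty entry means "current directory" to both the Windows DLL loader and POSIX shells). The variable names it checks (`PATH`, `LD_LIBRARY_PATH`, `DYLD_LIBRARY_PATH`) and the constructed temporary path in `demo_constructed_path` are assumptions for the demonstration.

```python
import os
import tempfile


def search_path_dirs(path_value, sep=os.pathsep):
    """Split a PATH-style variable into its entries.

    An empty entry means "the current directory" to the loader, which is
    itself a planting hazard, so it is preserved as '' rather than dropped.
    """
    if not path_value:
        return []
    return path_value.split(sep)


def classify_dir(directory):
    """Classify one search-path entry as seen by the account this runs as.

    'writable'     - this account can drop a library here; a sandbox that
                     only guards the VM directory does not stop that
    'missing'      - entry does not exist; whoever can create it controls
                     what the loader finds there
    'implicit-cwd' - empty entry, i.e. whatever the current directory is
    'ok'           - exists and is not writable by this account
    """
    if directory == "":
        return "implicit-cwd"
    if not os.path.isdir(directory):
        return "missing"
    if os.access(directory, os.W_OK):
        return "writable"
    return "ok"


def audit_search_path(path_value, sep=os.pathsep):
    """Return {entry: verdict} for every entry that is not 'ok'."""
    findings = {}
    for entry in search_path_dirs(path_value, sep):
        verdict = classify_dir(entry)
        if verdict != "ok":
            findings[entry] = verdict
    return findings


def demo_constructed_path():
    """Audit a constructed search path (a writable temp dir, a nonexistent
    dir and an empty entry) instead of the real environment, so the checks
    can be exercised offline. Returns the findings dict."""
    writable = tempfile.mkdtemp(prefix="ffi-audit-")          # constructed
    missing = os.path.join(writable, "does-not-exist")        # constructed
    path_value = os.pathsep.join([writable, missing, ""])
    try:
        return audit_search_path(path_value)
    finally:
        os.rmdir(writable)


if __name__ == "__main__":
    # Real environment: the Windows DLL loader consults PATH; the POSIX and
    # macOS dynamic linkers consult LD_LIBRARY_PATH / DYLD_LIBRARY_PATH.
    for var in ("PATH", "LD_LIBRARY_PATH", "DYLD_LIBRARY_PATH"):
        for entry, verdict in audit_search_path(os.environ.get(var, "")).items():
            print(f"{var}: {verdict:12} {entry or '(empty entry)'}")
```

Run it under the same account the image will run as before deployment; every `writable` or `implicit-cwd` finding is a directory to remove from the path or to tighten permissions on, since file-level sandboxing of the VM directory alone does not cover it.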
