Hi there,
A while ago I heard of the (theoretical) ability of swikis to support real smalltalk scripting inside the edited pages. Is this secure? Is there any swiki active that makes use of this feature? (if not the first then most probably not the second ;-) Is anybody interested in development or actively developing in this direction?
On the other hand what about security in the Squeak browser plugin? I gather it is very safe against malicious code but only by being very restrictive - is this still true? If so, I'd like to improve it to give the user the choice between restrictiveness and power/security and insecurity.
I'd like to hear from every effort that has been made recently in this direction, any active projects or any thoughts you have on this topic. Looks like this is _the_ thing I will be working on for the next few months if it proves to be worth (not commercially though) it.
Thanks in advance
Torge
P.S.: Even replies like "wrong list, post it there:..." welcome
Torge Husfeldt jean-jacques.gelee@gmx.de writes:
I'd like to hear from every effort that has been made recently in this direction, any active projects or any thoughts you have on this topic.
Yes, I'm very interested in this. I'll get more interested when squeak networking seems more solid (with the next Flow release I imagine).
I work on a zope(python)-based wiki which supports embedded scripting. In the extreme (preferred :) case this means anonymously-editable server-side code which gets executed at every page view.
This sounds dangerous, but I think the most pressing risks have been alleviated in an interesting way by zope's security model. In fact the latter evolved into its present form to address the former. It sounds like the issues explored here might be of interest to you.
-Simon
Torge Husfeldt jean-jacques.gelee@gmx.de said:
A while ago I heard of the (theoretical) ability of swikis to support real smalltalk scripting inside the edited pages. Is this secure?
Depends on your definition of security. Sounds like a cheap joke, but people have different ideas about security...
In the current incarnation, it would give you the same access as the user running the Swiki on the server.
On the other hand what about security in the Squeak browser plugin?
A completely different story - AFAIK it runs in a sandbox. From very restricted sandbox to a more fine-grained tunable security environment is something that has been done with Java, and there's a lot to learn from the Java security-related specifications (really :-)).
There's also Oasis, which is a sandbox for Smalltalk by Les Tyrrell. An overview sits on http://www.canis.uiuc.edu/~tyrrell/Oasis/overview.html. If you want to do a Wiki with Smalltalk in the pages, it's probably the best way to start.
A lot of documentation on capability-based security, which these systems are often based on, can be found at www.erights.org, which describes the E language. IMHO, it's a must read if you're interested in these topics.
A lot of documentation on capability-based security, which these systems are often based on, can be found at www.erights.org, which describes the E language. IMHO, it's a must read if you're interested in these topics.
I've done some work on building sandboxes *inside* a Squeak image, based on capabilities. I got the basic system working, but never got a practical system going. Specifically, I had a very good sandbox, but didn't write wrappers for very many useful facilities. I did get a bouncing atoms morph working once, albeit very slowly.
Unfortunately, Squeak has shifted and my stuff doesn't file in any longer. I keep meaning to get it working again, but it's been over a year now, and there never seems to be enough time. Since there is suddenly so much interest on this topic on the list, I'll post the writeup and the changesets just so people can see them, even though it's not immediately useful right now.
http://minnow.cc.gatech.edu/squeak/2074
The writeup, at least, may give people some ideas. It seems to me that, once you latch on to the basic idea that an object is a privilege, all other problems can be solved directly, without much imagination. Perhaps others will agree.
-Lex
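The "an object is a privilege" idea from the message above, as an added example that is not part of the thread and is not taken from Lex's changesets or from Squeak. It is written in JavaScript, where closures give real encapsulation; the page store, facet and script names are hypothetical, and it assumes the page script is evaluated with no ambient authority (no globals or enclosing scope) beyond the objects handed to it.

```javascript
// Constructed stand-in for a wiki page store (hypothetical, not Swiki's API).
function makePageStore() {
  const pages = new Map([['Home', 'welcome'], ['Admin', 'secret notes']]);
  return Object.freeze({
    read: (name) => pages.get(name),
    write: (name, text) => { pages.set(name, text); },
  });
}

// Attenuation: a facet that can only read one named page.
// Holding the facet grants strictly less than holding the store.
function readOnlyFacet(store, name) {
  return Object.freeze({ read: () => store.read(name) });
}

// Caretaker: a forwarder whose authority the grantor can revoke later.
function makeRevocable(target) {
  let live = target;
  const proxy = Object.freeze({
    read: (...args) => {
      if (live === null) throw new Error('capability revoked');
      return live.read(...args);
    },
  });
  return { proxy, revoke: () => { live = null; } };
}

// Stand-in for a script embedded in a page. Its only authority is the
// object passed as an argument; it never receives a reference to the store.
function untrustedPageScript(page) {
  const result = { text: page.read(), wrote: false };
  try { page.write('Admin', 'defaced'); result.wrote = true; } catch (e) { /* facet has no write */ }
  return result;
}

function demo() {
  const store = makePageStore();
  const { proxy, revoke } = makeRevocable(readOnlyFacet(store, 'Home'));
  const first = untrustedPageScript(proxy);   // can read 'Home', nothing else
  revoke();                                   // grantor withdraws the privilege
  let afterRevoke;
  try { afterRevoke = proxy.read(); } catch (e) { afterRevoke = e.message; }
  return { first, afterRevoke, admin: store.read('Admin') };
}
```

The isolation only holds if the script truly has no other references, which is the part a sandbox inside the image or VM has to guarantee.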
Lex Spoon lex@cc.gatech.edu said:
The writeup, at least, may give people some ideas. It seems to me that, once you latch on to the basic idea that an object is a privilege, all other problems can be solved directly, without much imagination. Perhaps others will agree.
Cool. I still have the goal of getting Jini to work on Squeak, and locking down the VM is an absolute precondition for mobile code. In fact, I think that's one of the things of Java that really should be transplanted to Smalltalk (but make it optional, then :-)).
squeak-dev@lists.squeakfoundation.org