[squeak-dev] smalltalk and Web stuff

Janko Mivšek janko.mivsek at eranova.si
Sun Nov 23 14:32:43 UTC 2008


Philippe Marschall wrote:

>>> I have seen arbitrary remote code execution vulnerabilities in Squeak
>>> and there is no telling of how many there are left.

>> Surely I'm not the only one who would like to hear more concretely about those
>> vulnerabilities and how you can exploit them through the web.

> Details do not matter at all for this argument. The only thing that matters
> is that it is simple to write Smalltalk (!) code that is vulnerable to
> remote code execution, that this is not theoretical and has been done
> in practice and there is no telling of how much more vulnerable code
> there is. That is all that matters in the argument whether it is a
> good idea to run a Smalltalk service as root.
> 
> Note that this does not include all the C code that runs as root as
> well when you run a Smalltalk service as root. Stuff that comes to my
> mind:
> - the VM
> - the plugins
> - any libraries you call like imagemagick
> - anything you might call over OSProcess
> - ...
> As we see Smalltalk morphing more from a programming language to a
> scripting language, meaning relying more and more on C instead of
> Smalltalk (OpenDBX, Cairo, GStreamer, FreeType ...), the amount of
> vulnerable code (C is vulnerable by definition) only increases.
> 
> This ends my argument about running anything as root.

All C code is "protected" by Smalltalk, because you can explore VM and 
plugin vulnerabilities only through Smalltalk. Of course you can 
intentionally or unintentionally write such Smalltalk code, but that is 
another story.

From the web viewpoint there is another layer of protection: the web server + 
web framework and their security. If the web framework is secure enough, then I 
don't see any other way, except the web application itself, to let the 
intruder in.

Janko

-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
