[squeak-dev] smalltalk and Web stuff

Gerardo Richarte gera at corest.com
Sun Nov 23 16:36:28 UTC 2008


>>
>> How do you bind port 80?
>
> Running as a root. Danger for hackers to break into? Well, in
> Smalltalk hardly :)

I think security should be taken seriously, and better early than
later... here are my two cents on the problem, not that I think this is a
real solution, but it'll calm down those who care about running Squeak
as root (IMHO, once you get non-root access to a system, it's just a
matter of time until you escalate to root, and again IMHO, Squeak and
its applications present a big risk, if only, at least, because it has
never been developed with security in mind).

    On Windows, you don't need administrative privs to bind to port 80,
at least until a few versions ago (not sure in Vista). So, no need to
run as 'root' on Windows.

    On Unix, you only need root privs to bind to port 80, so, of course,
two options come to mind:

    Use an external program to bind to port 80, and pass the connection
to Squeak (for example, Apache/lighttpd, maybe with FastCGI, which I find
a VERY interesting option). Or some other small standalone program that
then executes Squeak, passing the bound socket to the child squeakvm
process, where Squeak takes it from and uses it. This external program
should drop privs before calling Squeak.

    Another, probably more integrated idea, would be to drop privs from
Squeak after binding to port 80... and probably chrooting to another
place. How? Here I've attached a quick (5 minutes) interface to libc
that'll let you do it. I tested it on Linux, and had to play tricks with
libc.so so Squeak finds it (I symlinked libc.so.6 (actually libc-2.7.so)
to /usr/lib/squeak/3.9-8/libc.so [sudo ln -s /lib/libc-2.7.so
/usr/lib/squeak/3.9-8/libc.so]).

    Then, after importing the attached class, you can start playing with
things like:

libc := Libc new.
" disable changes file logging before the chroot "
libc chroot: '/tmp'.
" drop the group ids first: once the uids are dropped the process can no longer change them "
libc setrgid: 1000 egid: 1000 sgid: 1000.
libc setruid: 1000 euid: 1000 suid: 1000.

With that, you are clear on this front. Again, I don't think this is the
solution; the 'evaluate:' example Klaus sent earlier is for me the most
clear danger, more than binary bugs in external libraries (although those
are also problems).

    anyway, adding 2 cents to the pot
    richie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LibC.st.gz
Type: application/x-gzip
Size: 470 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20081123/52691a38/LibC.st.bin
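
Added example, not part of the original message or its LibC.st attachment: the bind-then-drop sequence the message describes, written directly in C against libc. It uses POSIX setgid/setuid, which set the real, effective and saved ids when called as root; the function names are illustrative assumptions, and port 80, id 1000 and /tmp are the sample values from the message.

```c
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Bind a listening TCP socket; ports below 1024 need root on Unix. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid, optionally inside a chroot jail.
 * Returns 0 only when the drop is verified; the caller must exit on -1. */
int drop_privs(uid_t uid, gid_t gid, const char *jail) {
    if (uid == 0 || gid == 0) return -1;      /* refuse a "drop" to root */
    /* chroot needs root and does not move the cwd, so chdir right after. */
    if (jail && (chroot(jail) < 0 || chdir("/") < 0)) return -1;
    /* Root's supplementary groups survive setgid; clear them first. */
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    /* Group before user: after the uid drop the gid can no longer change. */
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    /* Verify the ids, then prove root cannot be regained (saved uid too). */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    int fd = bind_listener(80);               /* the only step needing root */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privs(1000, 1000, "/tmp") < 0) {
        fprintf(stderr, "privilege drop failed, exiting\n");
        return 1;
    }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    /* The accept() loop would run here, unprivileged and inside the jail. */
    return 0;
}
```

The bound descriptor stays usable after the drop because the privilege check for port 80 happens at bind() time, not on later accept() calls.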

