[Vm-dev] Proposal: disable module loading
Bert Freudenberg
bert at freudenbergs.de
Tue Mar 22 15:09:10 UTC 2011
On 22.03.2011, at 14:10, Igor Stasenko wrote:
> Hello,
>
> just as outcome of previous discussion about security.
> I think that we are missing a mechanism in the VM which would prevent
> loading new modules into a running system, to ensure that
> no external code could compromise system security.
I like this :)
- Bert -
> In terms of implementation the change is quite simple:
>
> - add a flag into VM's state, named moduleLoadingEnabled
> - initially this flag should be set to true during system startup
> - add a primitive which resets this flag
>
> Then modify
>
> ioLoadModule:OfLength:
> to fail unconditionally if module loading is disabled.
>
> In practice this means that, knowing the secure set of modules you
> need for your deployment scenario and having them all loaded at startup,
> you intentionally disable the module loading mechanism
> to prevent any chance of interacting with modules which could compromise
> your security model.
>
> There's also a missing bit in the VM API to explicitly load a module
> with a given name.
> It is included in IA32ABIPlugin (#primLoadLibrary), but then
> maybe you don't want to have IA32ABIPlugin in the first place;
> that's why I propose promoting this primitive to the core VM API.
>
> So, with these bits working, one could implement a sandbox mode
> quite easily, by doing something like the following during image startup:
>
> self deployed ifTrue: [
>     "make sure we loaded the modules we will need"
>     #(
>         'PluginA'
>         'PluginB'
>         ....
>         'PluginZ'
>     ) do: [ :each | Smalltalk loadModule: each ].
>
>     Smalltalk disableModuleLoading.
> ].
>
> Then later any code that tries to use a plugin that was not loaded
> before you disabled the module loading mechanism will simply fail.
>
> This will be a good addition to the existing security mechanisms.
>
> --
> Best regards,
> Igor Stasenko AKA sig.
> <sqNamedPrims.c><StackInterpreterPrimitives-primitiveDisableModuleLoading.st><StackInterpreterPrimitives-primLoadModule.st><SmalltalkImage-loadModule.st><SmalltalkImage-disableModuleLoading.st>
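As an added example (not code from this thread and not from the Squeak VM sources), here is a stand-alone C model of the gate Igor describes: a VM-side flag that starts true, a one-way primitive that clears it, and an ioLoadModule path that fails unconditionally once it is cleared, while modules loaded before that point stay usable. The module table, the module names, the allow list and the function names are assumptions made for this example; the real VM resolves plugins through its own ioLoadModule:OfLength: and the platform's dynamic loader.

```c
/*
 * Added example: a stand-alone model of the proposed one-way
 * "moduleLoadingEnabled" gate. Not code from the vm-dev thread or the VM.
 * The module table, names and function signatures are assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed registry standing in for the libraries the VM could open. */
struct module_entry {
    const char *name;
    bool loaded;   /* set once the module has been loaded into the VM */
};

static struct module_entry module_table[] = {
    { "PluginA",       false },
    { "PluginB",       false },
    { "IA32ABIPlugin", false },
};
#define MODULE_COUNT (sizeof module_table / sizeof module_table[0])

/* Assumed deployment allow list: the modules a sandboxed image preloads. */
static const char *const kDefaultAllowList[] = { "PluginA", "PluginB" };
#define ALLOW_COUNT (sizeof kDefaultAllowList / sizeof kDefaultAllowList[0])

/* VM-side state, as in the proposal: true at startup, cleared once, never
   set again. It lives in C, not in the image, so image code can only ever
   move it to false. */
static bool moduleLoadingEnabled = true;

/* The primitive the proposal adds: one-way, with no counterpart to re-enable. */
void primitiveDisableModuleLoading(void)
{
    moduleLoadingEnabled = false;
}

bool moduleLoadingIsEnabled(void)
{
    return moduleLoadingEnabled;
}

static struct module_entry *findModule(const char *name, size_t len)
{
    for (size_t i = 0; i < MODULE_COUNT; i++) {
        if (strlen(module_table[i].name) == len &&
            memcmp(module_table[i].name, name, len) == 0)
            return &module_table[i];
    }
    return NULL;
}

/* Mirrors ioLoadModule:OfLength: after the proposed change: fail before
   anything touches the filesystem or the dynamic loader once the gate is shut. */
void *ioLoadModuleOfLength(const char *name, size_t len)
{
    if (!moduleLoadingEnabled)
        return NULL;                 /* primitive fails; no new code enters the VM */
    struct module_entry *m = findModule(name, len);
    if (m == NULL)
        return NULL;                 /* unknown module */
    m->loaded = true;
    return m;
}

/* Lookup of an already-loaded module does not consult the flag, so plugins
   loaded before the gate closed keep working. */
bool moduleIsLoaded(const char *name)
{
    struct module_entry *m = findModule(name, strlen(name));
    return m != NULL && m->loaded;
}

/* The startup sequence from the proposal: preload the allow list, then close
   the gate. Returns how many allow-listed modules actually loaded. */
int sandboxStartup(const char *const *allowList, size_t count)
{
    int loaded = 0;
    for (size_t i = 0; i < count; i++) {
        if (ioLoadModuleOfLength(allowList[i], strlen(allowList[i])) != NULL)
            loaded++;
    }
    primitiveDisableModuleLoading();
    return loaded;
}

int main(void)
{
    int n = sandboxStartup(kDefaultAllowList, ALLOW_COUNT);
    printf("preloaded %d modules, loading enabled: %d\n", n, moduleLoadingIsEnabled());
    printf("late load of IA32ABIPlugin: %s\n",
           ioLoadModuleOfLength("IA32ABIPlugin", 13) ? "succeeded" : "failed");
    printf("PluginA still usable: %d\n", moduleIsLoaded("PluginA"));
    return 0;
}
```

Two properties of the model are the ones a reviewer would check in the real primitive: the flag is C state reachable only through a primitive that moves it to false, so no image code can reopen the gate; and the check sits at the top of the load path, before any filename is resolved. The gate only covers the VM's own loading path, so a native plugin that wraps the platform loader itself (the IA32ABIPlugin's #primLoadLibrary mentioned above) would bypass it if it had been preloaded, which is why it belongs off the allow list in a sandboxed deployment.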