<br><br><div class="gmail_quote">On Wed, Aug 17, 2011 at 12:01 AM, Igor Stasenko <span dir="ltr"><<a href="mailto:siguctua@gmail.com">siguctua@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5"><br>
On 16 August 2011 23:33, laurent laffont <<a href="mailto:laurent.laffont@gmail.com">laurent.laffont@gmail.com</a>> wrote:<br>
><br>
><br>
> On Tue, Aug 16, 2011 at 9:43 PM, Igor Stasenko <<a href="mailto:siguctua@gmail.com">siguctua@gmail.com</a>> wrote:<br>
>><br>
>> On 16 August 2011 22:02, laurent laffont <<a href="mailto:laurent.laffont@gmail.com">laurent.laffont@gmail.com</a>> wrote:<br>
>> ><br>
>> >><br>
>> >> ><br>
>> >> > On Tue, Aug 16, 2011 at 6:46 PM, Igor Stasenko <<a href="mailto:siguctua@gmail.com">siguctua@gmail.com</a>> wrote:<br>
>> >> >><br>
>> >> >> On 16 August 2011 16:42, laurent laffont <<a href="mailto:laurent.laffont@gmail.com">laurent.laffont@gmail.com</a>> wrote:<br>
>> >> >> ><br>
>> >> >> > Hi,<br>
>> >> >> ><br>
>> >> >> > for SmallHarbour I've cloned cogvm/blessed and then add security patches from SeasideHosting. See<br>
>> >> >> > - <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour</a><br>
>> >> >> > - <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3</a><br>
>> >> >> ><br>
>> >> >> > What's the best way to stay synchronized with cogvm/blessed commits ?<br>
>> >> >><br>
>> >> >> Fist you need to add blessed as remote repository:<br>
>> >> >><br>
>> >> >> git remote add blessed git://<a href="http://gitorious.org/cogvm/blessed.git" target="_blank">gitorious.org/cogvm/blessed.git</a><br>
>> >> >><br>
>> >> >> Then you can simply pull changes to your branch:<br>
>> >> >><br>
>> >> >> git pull blessed<br>
>> >> >><br>
>> >> >> and it will merge changes automatically. (of course if there's no conflicts).<br>
>> >> >><br>
>> >> >> And then<br>
>> >> >><br>
>> >> >> git push<br>
>> >> >><br>
>> >> >> to push updates to your own repository.<br>
>> >> >><br>
>> >> >> > Is it interesting to adapt this patch for integration in cogvm/blessed ?<br>
>> >> >><br>
>> >> >> Absolutely. All contributions is welcome :)<br>
>> >> >><br>
>> >> >> > Is this patch good ?<br>
>> >> >> ><br>
>> >> >><br>
>> >> >> I am a bit out of context. Where i can read a description of what you did?<br>
>> >> ><br>
>> >> ><br>
>> >> ><br>
>> >> > First the changes are quite small, originally made by Nestyle (I suppose) for SesideHosting.<br>
>> >> > This introduce the use of environment variables to restrict filesystem and port access. For example we don't want the hosted image to be able to access /etc/passwd or another account files. We don't want that 2 images use the same port.<br>
>> >> > So this patch read these environment variables:<br>
>> >> > export SQUEAK_PORT_LO=16400<br>
>> >> > export SQUEAK_PORT_HI=16407<br>
>> >> > export SQUEAK_ROOT_DIR="/service/myaccount/files"<br>
>> >> ><br>
>> >> > so only port between 16400 and 16407 can be opened, only /service/myaccount/files can be read/written.<br>
>> >> > Note that in the patch port 25 (SMTP) is always accessible.<br>
>> >> > This is very specific to SeasideHosting/SmallHarbour, so I don't think the patch should be apply as it is now in cogvm/blessed, but having such functionalities in the VM would be nice IMO.<br>
>> >> ><br>
>> >> > The commit is here - quite easy to read: <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3</a><br>
>> >> > Laurent.<br>
>> >> ><br>
>> >><br>
>> >> Wait. First you asking if those can be integrated, and then you saying<br>
>> >> that its too specific..<br>
>> >> Do you mean that we should discuss/think about integrating a more<br>
>> >> general form of this functionality?<br>
>> ><br>
>> ><br>
>> > Yes. Sorry for confusion :)<br>
>> > Laurent.<br>
>> ><br>
>> As to me an environment these settings is good enough. For unix-like<br>
>> systems it is pretty fine.<br>
>> But for windows, a more common is to use .ini file(s) and store settings there.<br>
><br>
><br>
> What do you think about program arguments ? Like this:<br>
> ./cog -port-filter 25,16400:16407 -fs-root /var/images/public/<br>
> on Windows<br>
> cog -port-filter 25,16400:16407 -fs-root "C:\Images\Public\"<br>
> with<br>
> -port-filter 25,8080,8081 means "allow only 25, 8080 and 8081"<br>
> -port-filter 8080:8090 means "allow ports from 8080 to 8090"<br>
><br>
<br>
</div></div>Personally i for putting security logic at language side rather than on VM side.<br>
I think that as long as you passing and parsing parameters at image<br>
side, you can use any form of them.<br>
<br>
Unless there are reasons for controlling it explicitly at VM level (so<br>
you can run arbitrary , presumably unknown image with it).<br></blockquote><div><br></div><div>Yes that's the point for a public SmallHarbour server. Actually the only way I know to inject Smalltalk code in the image is to pass a text file at startup. So we could put some security code in, but a hacker can easily put an image that does not parse this file and BOOM.</div>
<div><br></div><div>Laurent.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Also, i think that it is better to reconsider security scheme we're using.<br>
Instead of putting everything into a single place (security plugin),<br>
each plugin by own has to know its security rules/settings.<br>
Because if you look how security plugin interacting with other<br>
plugins, you will find it is not very nice.<br><br></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Then at plugin initialization it may request VM to provide<br>
command-line arguments and/or extract settings from other places.<br>
Unfortunately, command-line arguments are not exposed by VM interface<br>
(an OSProcess plugin, for instance using linking trick to get access<br>
to them).<br>
We should change that.<br><font class="Apple-style-span" color="#888888"><br></font></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><font color="#888888">
<br>
--<br>
</font><div><div></div><div class="h5">Best regards,<br>
Igor Stasenko AKA sig.<br>
</div></div></blockquote></div><br>