Hi gang, Well I just took a look at the link below and I must say it's very impressive. However, it does bring up the possibility of nasty squeak viruses infecting your machine. Some thought should be given regarding a security mechanism to limit or prevent such things if Squeak/web applets are to be produced.
Also, sorry for the long lapse in updates. Unfortunately, I've been busy with my real job and haven't had any real time to Squeak. Therefore, I'm going to upload my BeOS Squeak project somewhere (assuming I can find a site for it) and release it to anyone who wants to take it on. Hopefully, someone can get it done faster than I can (I'm going thru a Squeak and BeOS learning curve...twice the work) and I'm not sure when work will give me a breather to be able to finish this.
Cheers, S
------------------------------------------------------------------------ ----------------------------- Serg Koren Principal VisualNewt Software, Makers of Newt'sPaper(tm): http://www.VisualNewt.com/ ICQ: 9079417 ------------------------------------------------------------------------ ----------------------------
-----Original Message----- From: russell.allen@firebirdmedia.com [mailto:russell.allen@firebirdmedia.com] Sent: Wednesday, October 28, 1998 7:42 PM To: squeak@cs.uiuc.edu Subject: Re: Optimization for portables
"Alejandro F. Reimondo" aleReimondo@sugarweb.com wrote:
Not a plugIn (yet) But as anActiveX object that can be enbedd in a web page. You can see at <a
href="http://www.sugarWeb.com/Web/Squeak/readme.htm%22%3Ehttp://www.sugarWeb.com /Web /Squeak/readme.htm</a>
I recently came across a system called VNC (www.orl.co.uk/vnc). This is a client/server arrangement with a (very) thin client, which is a Java applet, available under the GPL.
The protocol used is fairly simple; and it looks like it wouldn't be too difficult to make Squeak a VNC server. I don't know about the speed this system would have, but since it is stateless, with all of the computing being done on the server, it would get around the problem of large image sizes that both Squeak as ActiveX and Squeak as a plug-in would have.
Any thoughts?
Russell
Serg Koren wrote: ---snip---
However, it does bring up the possibility of nasty squeak viruses infecting your machine. Some thought should be given regarding a security mechanism to limit or prevent such things if Squeak/web applets are to be produced.
This is one of those projects that has not yet gotten attention. Ted Kaehler posted this spec and challenge last year for a file-safe VM for Squeak:
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Subject: File-safe Squeak VM Date: Mon, 8 Sep 1997 18:16:28 -0700 From: "Ted K." tedk@wdi.disney.com
Folks, We have discussed servers written in Squeak that evaluate an arbitrary Smalltalk expression, or serve up HTML. These serves are vulnerable to any Smalltalk virus that overwrites the server's hard disk. Mark Lentczner and I have been thinking about this issue for several years, and have written up the way we made Codeworks(tm) be file-safe. See http:www.glyphic.com/glyphic/papers/safehelperapps/title.html (Glyphic Codeworks is a prototype-based Smalltalk-like system available for the Mac for free at www.glyphic.com)
For Squeak, I've come up with the following spec for a File-Safe VM. The idea is that user code can wreck havoc within the Squeak image, but can only do limited damage on the host's disk. With these restrictions, in each session, only files in one folder can be read and written, only a limited number of new files can be opened, and only a limited number of bytes can be written. In addition, we want a user who accidentally runs into the limits to be able to save his work one last time before the system refuses to write anymore. Only servers and other special applications would use this VM. Normal operation of the server would not trigger these limits.
The File-Safe VM proposal:
1) A new flag "NoVirus" in the C translator. False for the normal Squeak VM, and true for the File-Safe VM.
2) At Squeak startup, init some counters in C. Put 100 into SessionNewFiles, put 10,000,000 in SessionBytesWrt.
3) Code in the File primitive: If NoVirus, file prim will not read or write outside the Squeak folder. That folder is found by some fixed path from either the .image location or the .exe location. Writing in the .image is also allowed (used to save a modified image after sys updates). Served pages must be in a folder within the Squeak folder.
4) If NoVirus, no file types may be written except those of .sqo, text, and image (Mac). No files ending in suffixes other than .sqo, .img, or ..txt may be written (PC) (This is to block out .exe, and other special suffixes.) No aliases may be written.
5) If NoVirus, every file rename or file creation decrements SessionNewFiles. When zero, do the primitive, but also return an error code. The Squeak file code puts up the message "More than 100 files were created this session. To prevent viruses, we do not allow more. After this write is complete, quit Squeak." When less than zero, just fail the primitive. (How check for a code when the primitive succeeds? In the File info block??)
6) If NoVirus, all bytes witten decrement SessionBytesWrt. When 1 meg or less, do the primitive, but also return an error code. The Squeak file code puts up the message "More than 9 megs were written on the disk this session. To prevent viruses, we do not allow more. After this write is complete, quit Squeak." When less than zero, just fail the primitive.
7) No Apple Events or ActiveX interprocess events are allowed. (Don't allow another app to do the file writing for us.)
8) If NoVirus, disable the escape to user-supplied C code, or to direct OS calls (when we have these in Squeak).
Creating this new VM would not only help Squeak web servers, but also any end-user Squeak applications that involve blindly downloading Squeak code over the web. Would you like to do it?
--Ted Kaehler. """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
One basic thing I noticed about the demo is that the OCXs weren't signed which caused IE to warn of potential security breaches and caused me to configure the IE security prefs to a lower level to even let me run it. I think any such Squeak OCXs, OXAs, etc should be signed. That would allow users to set their browsers to a higher security level. Another possibility (again fairly painless) would be to register them with Verisign. Of course this would be in addition to any architectural safeguards.
S
Serg Koren wrote: ---snip---
However, it does bring up the possibility of nasty squeak viruses infecting your machine. Some thought should be given regarding a security mechanism to limit or prevent such things if Squeak/web applets are to be produced.
This is one of those projects that has not yet gotten attention. Ted Kaehler posted this spec and challenge last year for a file-safe VM for Squeak:
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Subject: File-safe Squeak VM Date: Mon, 8 Sep 1997 18:16:28 -0700 From: "Ted K." tedk@wdi.disney.com
Folks, We have discussed servers written in Squeak that evaluate an arbitrary Smalltalk expression, or serve up HTML. These serves are vulnerable to any Smalltalk virus that overwrites the server's hard disk. Mark Lentczner and I have been thinking about this issue for several years, and have written up the way we made Codeworks(tm) be file-safe. See http:www.glyphic.com/glyphic/papers/safehelperapps/title.html (Glyphic Codeworks is a prototype-based Smalltalk-like system available for the Mac for free at www.glyphic.com)
For Squeak, I've come up with the following spec for a File-SafeVM. The idea is that user code can wreck havoc within the Squeak image, but can only do limited damage on the host's disk. With these restrictions, in each session, only files in one folder can be read and written, only a limited number of new files can be opened, and only a limited number of bytes can be written. In addition, we want a user who accidentally runs into the limits to be able to save his work one last time before the system refuses to write anymore. Only servers and other special applications would use this VM. Normal operation of the server would not trigger these limits.
The File-Safe VM proposal:
- A new flag "NoVirus" in the C translator. False for the normal Squeak
VM, and true for the File-Safe VM.
- At Squeak startup, init some counters in C. Put 100 into
SessionNewFiles, put 10,000,000 in SessionBytesWrt.
- Code in the File primitive: If NoVirus, file prim will not read or
write outside the Squeak folder. That folder is found by some fixed path from either the .image location or the .exe location. Writing in the .image is also allowed (used to save a modified image after sys updates). Served pages must be in a folder within the Squeak folder.
- If NoVirus, no file types may be written except those of .sqo, text,
and image (Mac). No files ending in suffixes other than .sqo, .img, or .txt may be written (PC) (This is to block out .exe, and other special suffixes.) No aliases may be written.
- If NoVirus, every file rename or file creation decrements
SessionNewFiles. When zero, do the primitive, but also return an error code. The Squeak file code puts up the message "More than 100 files were created this session. To prevent viruses, we do not allow more. After this write is complete, quit Squeak." When less than zero, just fail the primitive. (How check for a code when the primitive succeeds? In the File info block??)
- If NoVirus, all bytes witten decrement SessionBytesWrt. When 1 meg
or less, do the primitive, but also return an error code. The Squeak file code puts up the message "More than 9 megs were written on the disk this session. To prevent viruses, we do not allow more. After this write is complete, quit Squeak." When less than zero, just fail the primitive.
- No Apple Events or ActiveX interprocess events are allowed. (Don't
allow another app to do the file writing for us.)
- If NoVirus, disable the escape to user-supplied C code, or to direct
OS calls (when we have these in Squeak).
Creating this new VM would not only help Squeak web servers, butalso any end-user Squeak applications that involve blindly downloading Squeak code over the web. Would you like to do it?
--Ted Kaehler. """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
------------------------------------------------------------------- VisualNewt Software http://www.VisualNewt.com/
------------------------------------------------------------------- Makers of Newt'sPaper(tm) - the premiere newsreader for the Newton and Newt'sWeather(tm) - the Newton's weather solution.
-------------------------------------------------------------------
squeak-dev@lists.squeakfoundation.org
-
Dwight Hughes -
Serg Koren -
Serg Koren