Squeak security [changed from Re: A bit of header]

Jan Bottorff janb at pmatrix.com
Wed Nov 4 00:32:36 UTC 1998 

At 01:38 AM 11/3/98 -0300, sqrmax at cvtci.com.ar wrote:
>What do you think about using one of the unused bits in the image header as 
>a flag to tell if the image was properly closed or not? This would allow the 
>VM to warn the user if he/she tries to open a not closed image. An example 
>of this is to open an image twice, which can result in a damaged changes
file.

If the goal is to prevent changes corruption, wouldn't it be better to open
the changes file with exclusive sharing access? Mabey on the first time you
write something to changes. 

I could easily imagine cases where you might want multiple instances of an
image open, each in a different process, that never write to a changes
file. For example, an end application image (people might actually want to
deploy finished Smalltalk apps, not just live in the development environment).

Or mabey some method of putting a checksum on an image. The very best case
would be you put a digital signature on an image, not only would this prove
the image was not corrupted, but could prove where it came from. The danger
of viruses loading in an image seem quite real. Every time you fileIn a
piece of random Smalltalk code, your image is in danger of getting
infected. The Java folks have taken steps to prevent this, even the
Microsoft folks have taken steps. Any kind of crypto support in Squeak
might cause US export issues though :(

Mabey instead of making armchair comments, I should look into what really
might be done to improve Squeak security. Any pointers to previous
Smalltalk security projects?


- Jan
___________________________________________________________________
            Paradigm Matrix Inc., San Ramon California
   "video products and development services for Win32 platforms"
Internet: Jan Bottorff janb at pmatrix.com
          WWW          http://www.pmatrix.com
Phone: voice  (925) 803-9318
       fax    (925) 803-9397
PGP: public key  <http://www-swiss.ai.mit.edu/~bal/pks-toplev.html>
     fingerprint  52 CB FF 60 91 25 F9 44  6F 87 23 C9 AB 5D 05 F6
___________________________________________________________________

More information about the Squeak-dev mailing list