"Raab, Andreas" wrote:

> That depends. The basic things you want to have secure are:
> * File I/O,
> * Socket I/O,
> * External (named) primitives, and,
> * Image writing.
Just plugging again - the file & socket stuff will soon be available as
VM plugins, so secure or restrictive versions would be easy to
substitute. Image writing... hmmm, I wonder.

> I don't think you are right. Please try to give me an example where you
> don't go through any primitive that can be trivially secured (e.g., don't
> use the FFI - this one will *never* count as secure ;-) I would even argue
> that you can't even create an oop from within Squeak that points somewhere
> outside Squeak memory. If you can, please show us how.
Actually  I can thing of one faintly possible case that you (Andreas)
created just recently; external bitmaps.... though it's probalby hard to
do much damage with non-oop objects.