[squeak-dev] smalltalk and Web stuff

Philippe Marschall philippe.marschall at gmail.com
Sun Nov 23 13:33:04 UTC 2008


2008/11/23 Janko Mivšek <janko.mivsek at eranova.si>:
> Philippe Marschall wrote:
>
>>>>>>> AIDA/Web apps/websites are running as pure Smalltalk web presence,
>>>>>>> from
>>>>>>> dynamic to static content, movies included. No Apache needed, Swazoo
>>>>>>> as
>>>>>>> integral part of Aida is there to serve directly to the web.
>>>>>>
>>>>>> How do you bind port 80?
>>>>>
>>>>> Running as a root. Danger for hackers to break into? Well, in Smalltalk
>>>>> hardly :)
>>>>
>>>> Sorry but that's just not serious.
>>>
>>> Definition of what is serious is very broad. Following blindly some "best
>>> practices" is not serious for me as well. Having a right feeling for a
>>> balance between many aspects of security, that's what I regard as a
>>> mature
>>> seriousness.
>
>> I have seen arbitrary remote code execution vulnerabilities in Squeak
>> and there is no telling of how many there are left.
>
> Surely I'm not the only one who like to hear more concretely about those
> vulnerabilities and how you can exploit them through the web.

Details do not matter at all for this argument. The only thing that matters
is that it is simple to write Smalltalk (!) code that is vulnerable to
remote code execution, that this is not theoretical and has been done
in practice and there is no telling of how much more vulnerable code
there is. That is all that matters in the argument whether it is a
good idea to run a Smalltalk service as root.

Note that this does not include all the C code that runs as root as
well when you run a Smalltalk service as root. Stuff that comes to my
mind:
- the VM
- the plugins
- any libraries you call like imagemagick
- anything you might call over OSProcess
- ...
As we see Smalltalk morphing more from a programming language to a
scripting language, meaning relying more and more on C instead of
Smalltalk (OpenDBX, Cario, GStreamer, FreeType ...) the amount of
vulerable code (C is vulnerable by definition) only increases.

This ends my argument about running anything as root.

Cheers
Philippe
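The usual way to answer "how do you bind port 80?" without keeping the whole service (VM, plugins, C libraries) running as root is to bind the socket while privileged and then drop root before serving. The following is an added illustration, not code from the thread, from Squeak or from AIDA/Swazoo; it is in Python rather than Smalltalk because the point is the sequence of OS calls, and the unprivileged account `nobody` is an assumption.

```python
import os
import pwd
import socket


def bind_listener(port, host="127.0.0.1"):
    """Bind and listen. For port < 1024 this is the only step that needs root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    return sock


def current_ids():
    """Real uid/gid the process runs as right now."""
    return (os.getuid(), os.getgid())


def drop_privileges(username="nobody"):
    """Permanently give up root and return the new (uid, gid).

    If the process was not started as root there is nothing to drop.
    Order matters: supplementary groups, then gid, then uid, because once
    the uid is unprivileged the gid can no longer be changed.
    """
    if os.geteuid() != 0:
        return current_ids()
    pw = pwd.getpwnam(username)          # assumption: 'nobody' exists
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)                 # as root this sets real, effective and saved uid
    # Verify the drop is irreversible: regaining root must now fail.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop failed: root could be regained")
    return current_ids()


def serve(port, username="nobody"):
    """Bind first (privileged), drop root second, only then accept connections."""
    sock = bind_listener(port)
    ids = drop_privileges(username)
    return sock, ids


if __name__ == "__main__":
    listener, ids = serve(80)            # run as root to bind 80; serving happens as 'nobody'
    print("listening on", listener.getsockname(), "as uid/gid", ids)
```

The already-bound socket stays usable after the uid change, so everything that runs afterwards, including any C plugin or library the image calls, does so without root.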

