If the host of SmallHarbour is running with FreeBSD 8 or Solaris, you
can use the "capabilities" feature to give restrictive priviledges to
the program or to some parts of the program. In short a capability is a
pair of a reference to an object in the system with the rights on that
object. You can allocate to the program a set of capabilities that
define the security environment within which it will run.
Mig
Le 06/08/2011 14:31, Dale Henrichs a écrit :
Laurent,
I think that the best defense is the limited access/rights unix account,
perhaps even a separate unix user per account (to provide isolation between
accounts) ... I think this is what VMware does in in its Cloud Foundry ... to
be completely safe you'd have to turn off the ability to read and write files
and turn off socket access (this is what javascript in the browser does), but
going this far severely limits what you can do in the image ... I would think
that you could screw things down pretty tight just using unix permissions ....
Dale
----- Original Message -----
| From: "laurent laffont"<[email protected]>
| To: "Seaside - developer list"<[email protected]>, "An
open mailing list to discuss any topics
| related to an open-source Smalltalk"<[email protected]>
| Sent: Saturday, August 6, 2011 3:06:38 AM
| Subject: [Pharo-project] Web app security
|
| Hi,
|
|
| with a public SmallHarbour (public fork of SeasideHosting -
| smallharbour.org ) people can upload images that do bad things:
| change filesystem, run commands, ....
|
|
| Actually, what are the ways of securing a server so people can't do
| bad things ?
|
|
| I'm thinking of:
| - run the vm/image within a low right unix account
| - remove dangerous plugins (OSProcess, ?)
|
|
| Can we easily chroot ?
|
|
| what are known solutions ?
|
|
| Laurent.
