security and distributed programming with newLISP

Started by dido, August 11, 2006, 08:18:47 AM

dido

I just ran into newLISP today while looking for new Lisp dialects (seeing as Common Lisp and Scheme in many ways make most of my workaday tasks more difficult than they should be, although they are also neat), and so far it seems that this has got a lot of potential. The distributed programming facility based on net-eval seems incredibly interesting, comparable to Ruby's DRb in power and perhaps even more flexible, but what has me worried is that newLISP doesn't seem to have any support whatsoever for SSL or any other type of encryption/authentication mechanism. This is an absolute necessity for any kind of distributed system that is to operate over a wide-area network. Running a newLISP server over a public network is, if I'm understanding things correctly, basically opening a hole that allows anyone with a telnet client to execute arbitrary code on your system. Kinda scary, to say the least. I hope there is some work toward including OpenSSL or gnutls support in newLISP so that this major security flaw can be addressed. Also, would there be a way to restrict what can be evaluated by net-eval?



By the way, is there a mailing list for newLISP discussion? Call me old-fashioned but I'm more used to having a mailing list for these kinds of discussions.

newdep

#1
Hi Dido,



Welcome ;-)  You're right if you say ssl is important, I could say ssl is a nice to have for security indeed. Though a part of the newlisp philosophy is to keep the base executable tight and small.

I think an external newlisp context based on openssl or any direct lib calls to openssl is not that difficult, but indeed you need to dig into the library of ssl.  Even using external tunneling can be done with other tools, but I agree you don't wanna glue it all together..

Well, perhaps someone has already put their efforts into it?



Norman.
-- (define? (Cornflakes))

Dmi

#2
Hi, guys!



External SSL support library would be nice.



Dido,

About restricting net-eval capabilities - imho, this mostly is a security utopia.

Better is to run remote newlisp in restricted chrooted environment and then to pray that the unix kernel has no local security holes.

For a real security in untrusted network you'll need to implement your own task-oriented protocol.



Also you may use "indent" technology. Look at http://en.feautec.pp.ru/SiteNews/ContextIDENT for a sample code.
WBR, Dmi
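
As an added example (not code from this thread and not part of newLISP), here is a Python sketch of the "task-oriented protocol" idea from the reply above: the server authenticates each message with an HMAC, rejects replays, and dispatches only to an allowlist of named tasks instead of evaluating what it receives. The command names, the demo key and the wire format are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed demo key; a real deployment would provision a random key per peer.
SHARED_KEY = b"demo-key-not-for-production"

# The only operations a remote peer may request. Nothing here evaluates code.
HANDLERS = {
    "add": lambda args: sum(float(a) for a in args),
    "upper": lambda args: [str(a).upper() for a in args],
}

def make_request(cmd, args, key=SHARED_KEY, nonce=None):
    """Client side: serialize the task and append an HMAC-SHA256 tag."""
    nonce = nonce or os.urandom(16).hex()
    body = json.dumps({"cmd": cmd, "args": args, "nonce": nonce},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag

class TaskServer:
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen_nonces = set()  # replay protection for the process lifetime

    def handle(self, wire):
        """Return (ok, result_or_reason) for one wire message."""
        body, sep, tag = wire.rpartition(b"\n")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return False, "bad tag"  # unauthenticated or tampered in transit
        try:
            msg = json.loads(body)
            cmd, args, nonce = msg["cmd"], msg["args"], str(msg["nonce"])
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        if nonce in self.seen_nonces:
            return False, "replay"
        self.seen_nonces.add(nonce)
        handler = HANDLERS.get(cmd) if isinstance(cmd, str) else None
        if handler is None or not isinstance(args, list):
            return False, "unknown command"  # includes any request to "eval"
        try:
            return True, handler(args)
        except (ValueError, TypeError):
            return False, "bad arguments"
```

The HMAC provides authentication and integrity only; confidentiality would still come from a tunnel or TLS layer.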

Lutz

#3
Adding some sort of SSL support is high on my list of things to do in newLISP. Probably some solution with GnuTLS, offering TLS and SSL 3.0 support.



At the moment for authorization purposes one could either use the newLISP 'exec' function together with the Unix utility curl or import the relevant functions from libcurl, which is standard on many Unix systems, i.e. libcurl.dylib on Mac OS X.



If the following of standards is not important, like in securing newLISP to newLISP communications via 'net-eval', one could use the built-in function 'encrypt' to do a one-pad encryption. Maybe I add this as a built-in option for the 'net-eval' function?



But perhaps security in the case of distributed applications shouldn't be at the level of the application but on a system level, i.e. via VPN or SSH tunneling etc.?



The distributed projects with newLISP I have been involved in run on an intranet behind a firewall and this is the case for most distributed projects. But there may be some applications where neither VPN nor other tunneling is an option, i.e. peer2peer apps like Skype etc.



Lutz