Preskoči na glavno vsebino

Digitally signed Rye scripts and live code/data

Code signing was on my mind for a long time. Any security related question is no panacea, but with careful consideration I think this can bring some benefits for multiple scenarios.

Scripting languages basically run whatever code you point them to. In server scenario there is an obvious vector of attack where attacker uploads a malicious script and calls it or injects malicious code into your script files.

Programs on the client could have a need for this too. When an update comes, it helps if the code won't run if it was not signed by the same developer.

This doesn't work just for scripts. With Rye's "code is data" we also have live code. Live code (sometimes of a specific limited dialect or in specific limited context) can come over the wire or data can come over the vire and it could benefit from being digitally signed. You can see example of this in my blogpost about mobile code.

Storing/retrieving data could also benefit, for example to prevent manual change, to verify you can trust the origin of data.

Team of developers cooperating could maybe benefit ...?

The main question is what prevents the attacker to change the public keys that the runtime trusts, or the runtime altogether. I believe this will need to be thought about very carefully on per scenario basis, but there are some options.

Anyway ... this is the first step in this direction ...

Rye is on github.

Komentarji

Priljubljene objave iz tega spletnega dnevnika

Less variables, more flows example vs Python

In the last blogpost ( Less variables, more flows ) I wrote a quick practical script I needed. It was an uncommon combination of CGI, two GET requests with Cookies and a POST request with Authorization header. I really like practical random/dirty problems, rather than ideal - made up problems to test the language. To get a sense of comparison I rewrote the example 2 times while removing specific Rye features. But that comparison is meaningless to a person that doesn't know Rye or at least Rebol already. So I went on fiverr and made a request for a Python script with these requirements. I got a nicely written Python script that uses functions for each step. To be more comparable, I rewrote the Rye code to a similar structure. Below is the result ... For a next step, it would be interesting, to extract a little simpler example out and add error handling. With Rye-s specific failure handling, I think the difference would become even greater. You can find Rye on github .

Ryelang - controlled file serving example and comparison to Python

This is as anecdotal as it gets, but basic HTTP serving functions in Rye seem to be working quite OK. They do directly use the extremely solid Go 's HTTP functions, so that should be somewhat expected. I made a ryelang.org web-server with few lines of Rye code 3 months ago and the process was running ever since and served more than 30.000 pages. If not else, it  seems there are no inherent memory leaks in Rye interpreter. Those would probably show up in a 3 month long running process? And now I got another simple project. I needed to make a HTTP API for some mobile app. API should accept a key, and return / download a binary file in response if the key is correct. Otherwise it should return a HTTP error. So I strapped in and created Rye code below. I think I only needed to add generic methods stat and size? , all other were already implemented, which is a good sign. Of course, we are in an age of ChatGPT, so I used it to generate the equivalent  Python code. It used the ele...

Receiving emails with Go's smtpd and Rye

This goes a while back. At some project for user support, we needed to receive emails and save them to appropriate databases. The best option back in the day seemed project Lamson . And it worked well ever since. It was written in Python by then quite known programmer Zed Shaw. It worked like a Python based SMTP server, that called your handlers when emails arrived. It was sort of Ruby on Rails for email. We were using this ever since. Now our system needs to be improved, there are still some emails or attachments that don't get parsed correctly. That isn't the problem of Lamson, but of our code that parses the emails. But Lamson development has been passive for more than 10 years. And I am already moving smaller utilities to Rye.  Rye uses Go, and Go has this nice library smtpd , which seems like made for this task. I integrated it and parsemail into Rye and tested it in the Rye console first. Interesting function here is enter-console , that can put you into Rye console any...