On Dec 29, 2007 2:08 PM, John M McIntosh johnmci@smalltalkconsulting.com wrote:
I think perhaps the SqueakELib project should tackle this.
Squeak is not secure and does not pretend to be secure, although there are attempts to lock down file/socket access to keep casual users from doing undesirable things. However other forks of the VM like SqueakELib want:
"a multithreaded vm for a secure, distributed object implementation"
note the word *secure*
buffer overflows, bytecode hacks, well those are all valid tactics against *secure* VMs.
so go over there and ask... http://wiki.squeak.org/squeak/6011
Otherwise if you can compile Smalltalk code that causes the VM to crash, then we are always interested, plus you get bonus points if that causes VisualWorks to crash too.
Sure - so compiler-generated code that can crash the VM is considered a valid Squeak bug, but hand-crafted malicious bytecodes that crash Squeak are considered to be the programmer's fault.
My project's page is at http://gulik.pbwiki.com/SecureSqueak. I'm not ready to start on modifying the VM, but when I get that far, I'll let people like Ron Teitelbaum know.
Gulik.