Plugin Security (Was Re: How do I create a SqueakPlugin.image from a 2.9a ?)

Hans-Martin Mosner hm.mosner at cityweb.de
Sat Jan 27 10:59:06 UTC 2001


Luciano Notarfrancesco wrote:

> --- John.Maloney at disney.com wrote:
> > Luciano,
> >
> > How can you use #become: to write to an arbitrary
> > place in memory? I'm not quite seeing it...
> >
>
> Hmm... sorry John, I'm not seeing it either. ;) I'm
> quite sure I had an idea to do this some months ago.
> Probably I just got confused.

It's possible to corrupt memory, but probably very difficult to exploit the
effect for anything other than a denial-of-service attack:
Suppose you have classes A and B. A has one inst var called 'x', B has none.
The following method in A is able to write beyond the bounds of an object,
possibly into the header of another object:

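!A methodsFor: 'dirty stuff'!
doDirtyStuffWith: anInstanceOfB
    "After become:, self refers to an object with no inst var slots,
     so the store to x lands beyond the end of that object."
    self become: anInstanceOfB.
    x := 'dirty stuff'! !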

Hackers might be ingenious enough to find a way to exploit this. I currently
can't think of any, but my hacker skills are a bit rusty now :-)

> >
> > Digital signatures are still useful to prove that
> > some bundle of bits came from a well-known agency,
> > such as Disney or Squeak Central. We may well use DSA
> > for system updates, VM distribution, etc.
> >
>
> Yes. That would be wonderful. As you point out, a full
> digital signature scheme for Squeak is impractical
> because it would require a big organization behind it.

In SCAN, I have implemented a scheme based on DSA which I believe is fairly
usable. It's missing a certificate mechanism, but I already have some
approaches in mind:

  1. An e-mail based approach, where the server accepting a user entry could
     at least verify that the e-mail address given reaches the person having
     the appropriate private key. This is similar to some mailing list
     subscription mechanisms.
  2. A PGP-like approach where users issue certificates for others after
     verifying their identity.

Probably the best thing would be to use the PGP key infrastructure and
implement OpenPGP (or some reasonable subset) functionality in Squeak. I
started that once but got distracted by other projects.

Bye,
Hans-Martin
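
The out-of-bounds store described in the message above, reduced to a toy object memory in C, with an unchecked become: beside a variant that compares object shapes first. This is an added example, not code from the post or from Squeak; the heap layout, the handle table and every function name are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy heap, not Squeak's real layout: every object is one
   header word holding its slot count, followed by that many slots. */
static intptr_t heap[16];
static int next_free;
static int table[4];   /* handle -> heap index, so become: is a table swap */
static int n_objs;

static int new_object(int slots) {
    int h = n_objs++;
    table[h] = next_free;
    heap[next_free] = slots;
    next_free += 1 + slots;
    return h;
}
static int slot_count(int h) { return (int)heap[table[h]]; }
/* become: as the post uses it, with no comparison of the two shapes. */
static void become_unchecked(int a, int b) {
    int t = table[a]; table[a] = table[b]; table[b] = t;
}
/* Guarded variant: refuse to swap objects whose slot counts differ. */
static int become_checked(int a, int b) {
    if (slot_count(a) != slot_count(b)) return -1;
    become_unchecked(a, b);
    return 0;
}
/* "x := value" compiled for class A: writes slot 0, trusting A's shape. */
static void store_x(int self, intptr_t v) { heap[table[self] + 1] = v; }

/* Runs doDirtyStuffWith: and returns the header of an unrelated object
   allocated directly after the instance of B. */
static intptr_t neighbour_header_after(int guarded) {
    memset(heap, 0, sizeof heap); next_free = 0; n_objs = 0;
    int a = new_object(1);   /* instance of A, one inst var x */
    int b = new_object(0);   /* instance of B, no inst vars */
    int c = new_object(2);   /* neighbour, header should stay 2 */
    if (!guarded) become_unchecked(a, b);
    else if (become_checked(a, b) != 0) return heap[table[c]]; /* method aborts */
    store_x(a, 0x5A5A);
    return heap[table[c]];
}

int main(void) {
    printf("unchecked: header = %#lx\n", (unsigned long)neighbour_header_after(0));
    printf("guarded:   header = %#lx\n", (unsigned long)neighbour_header_after(1));
    return 0;
}
```

In the unchecked run the neighbour's header word is replaced by the stored value; in the guarded run the swap is refused and the header keeps its slot count of 2.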