Plugin Security (Was Re: How do I create a SqueakPlugin.image from a 2.9a ?)

Luciano Notarfrancesco lnotarfrancesco at yahoo.com
Sat Jan 27 09:52:16 UTC 2001


--- John.Maloney at disney.com wrote:
> Luciano,
> 
> How can you use #become: to write to an arbitrary
> place in memory? I'm not quite seeing it...
> 

Hmm... sorry John, I'm not seeing it either. ;) I'm
quite sure I had an idea to do this some months ago.
Probably I just got confused.

Anyway, here's another possible loophole, although not
so easy to exploit at first sight. Over a year ago
there was a discussion on the list about how to get the
memory address of an object, and how to find the
object corresponding to a given memory address.
Someone showed that this can be done with no need to
introduce new primitives. (The code is attached at the
end of this mail.) Now, if you are lucky enough to
find something in memory that looks like a ByteArray,
for instance, then you can send at:put: to that fake
ByteArray. *OR*, you can create aByteArray whose
contents look like the header of a very big ByteArray,
and then you can get the object at aByteArray
memoryAddress + aByteArray size. Using this you could
do an at:put: to an arbitrary place in the heap above
the object memory. Quite probably this can be used to
execute arbitrary code, at least in Linux.

I'm sorry if this sounds pedantic. It's just that I like
this subject so much that I let myself go.


>
> Digital signatures are still useful to prove that
> some bundle of bits came from a well-known agency,
> such as Disney or Squeak Central. We may well use DSA
> for system updates, VM distribution, etc.
> 

Yes. That would be wonderful. As you point out, a full
digital signature scheme for Squeak is impractical
because it would require a big organization behind it.

Anyway, Squeak is probably already a lot safer than
many Microsoft systems ;)
I'm not really "worried" about security issues in
Squeak. The only reason I'm talking about this is that
I like the subject of computer security, and it's
especially interesting applied to Smalltalk.

Cheers,
Luciano.-

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ObjectAddressFinder.st
Type: application/x-unknown
Size: 1222 bytes
Desc: ObjectAddressFinder.st
Url : http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20010127/eeea9700/ObjectAddressFinder.bin