Why was FFI removed from the 3.0 VM's?
Ned Konz
ned at bike-nomad.com
Sat Mar 17 22:00:40 UTC 2001
On Saturday 17 March 2001 07:11, David T. Lewis wrote:
> On Fri, Mar 16, 2001 at 07:42:59AM -0800, Ned Konz wrote:
> > As an aside, the OSProcess stuff should probably be disabled in a sandbox
> > too if it isn't already (David Lewis, are you listening?).
>
> As long as UnixOSProcessPlugin.so is not in the search path, it would be
> safe, right? Should I add an explicit check for the "secure" setting?
I don't know how much control we have over the search path for libraries; if
someone has added it to /etc/ld.so.conf, I suspect it's going to get found.
Or is there an explicit search path for libraries in Squeak?
And on other OS's (I know, OSProcess doesn't do them yet) it may be less
secure.
Of course, I don't know offhand how to check for the sandbox (the Unix VM
sources pretty much no-op the security stuff right now).
What I was concerned about is running a Squeaklet off the net that includes
UnixOSProcess and results in the Plugin.so getting loaded (and then damaging
stuff on my disk).
--
Ned Konz
currently: Stanwood, WA
email: ned at bike-nomad.com
homepage: http://bike-nomad.com
More information about the Squeak-dev
mailing list
|