[Cryptography Team] Securing the VM and Image
John M McIntosh
johnmci at smalltalkconsulting.com
Mon Jul 31 22:19:00 UTC 2006
On 31-Jul-06, at 1:50 PM, Hans-Martin Mosner wrote:
> Some unstructured ideas from the top of my head:
> Securing a Smalltalk image is pretty difficult. The VM protects the
> system against a number of security holes such as buffer overflows
> etc. which would allow external attackers to compromise security.
Ah, I'll note that the Squeak VM really hasn't been hardened against
attack; it's much less paranoid than the VW VM.
In many places we might pass a ByteArray and a length, where the
length is calculated from the ByteArray in Smalltalk; however,
nothing prevents someone from making that VM call with a bogus
ByteArray and length and seeing if something interesting will happen.
Of course if the host operating system API provides some interesting
side effect, when passing correctly constructed information from our
viewpoint, the VM won't prevent attack.
Really *all* VM entry points would need to be looked at in a proper
audit to avoid buffer overflow issues, even perhaps accidents which
generally are fatal.
Yes yes, someday I promised making a list of the entry points,
however workload seems to be stalling that event. Perhaps someone
would be interested?
That also needs to be done in order to create a set of SUnits so we
can enable some degree of cross platform testing and help people who
want to build a VM on a new platform.
--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com>
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
===========================================================================
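
The unchecked ByteArray-and-length call described in the message above, next to a bounds-checked form, as an added example that is not part of the original message or of the Squeak VM source. `ByteObject`, `prim_read_unchecked`, `prim_read_checked` and the result codes are hypothetical names; the start offset goes beyond the message's length-only case to show the wrap-around check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a VM byte object (not the Squeak VM's real
   layout): the VM records the true size itself at allocation time. */
typedef struct {
    size_t byte_size;
    const uint8_t *bytes;
} ByteObject;

enum { PRIM_OK = 0, PRIM_FAIL = -1 };

/* Unchecked form: trusts start/count as computed on the image side. */
int prim_read_unchecked(const ByteObject *src, size_t start, size_t count,
                        uint8_t *dst)
{
    memcpy(dst, src->bytes + start, count); /* out of bounds if bogus */
    return PRIM_OK;
}

/* Checked form: the primitive fails instead of touching memory. */
int prim_read_checked(const ByteObject *src, size_t start, size_t count,
                      uint8_t *dst, size_t dst_cap)
{
    if (src == NULL || src->bytes == NULL || dst == NULL)
        return PRIM_FAIL;
    /* Compare against the VM's own size; written so that start + count
       cannot wrap around. */
    if (start > src->byte_size || count > src->byte_size - start)
        return PRIM_FAIL;
    if (count > dst_cap)
        return PRIM_FAIL;
    memcpy(dst, src->bytes + start, count);
    return PRIM_OK;
}

int main(void)
{
    static const uint8_t data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    ByteObject obj = { sizeof data, data };
    uint8_t out[8];
    printf("honest length: %d\n", prim_read_checked(&obj, 0, 8, out, sizeof out));
    printf("bogus length:  %d\n", prim_read_checked(&obj, 0, 4096, out, sizeof out));
    printf("wrapping args: %d\n", prim_read_checked(&obj, 4, SIZE_MAX, out, sizeof out));
    return 0;
}
```

A table of entry points paired with checks like these is also a natural source of cross-platform test cases: each rejected input becomes one assertion.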