[Cryptography Team] Securing the VM and Image

John M McIntosh johnmci at smalltalkconsulting.com
Mon Jul 31 22:19:00 UTC 2006


On 31-Jul-06, at 1:50 PM, Hans-Martin Mosner wrote:

> Some unstructured ideas from the top of my head:
> Securing a Smalltalk image is pretty difficult. The VM protects the  
> system against a number of security holes such as buffer overflows  
> etc. which would allow external attackers to compromise security.

Ah, I'll note that the Squeak VM really hasn't been hardened against attack; it's much less paranoid than the VW VM.
In many places we might pass a ByteArray and a length, where the length is calculated from the ByteArray in Smalltalk; however, nothing prevents someone from making that VM call with a bogus ByteArray and length to see if something interesting will happen.
Of course, if the host operating system API provides some interesting side effect when passed correctly constructed information from our viewpoint, the VM won't prevent attack.

Really *all* VM entry points would need to be looked at in a proper audit to avoid buffer overflow issues, even perhaps accidents, which generally are fatal.

Yes yes, someday I promised making a list of the entry points, however workload seems to be stalling that event. Perhaps someone would be interested?
That also needs to be done in order to create a set of SUnits so we can enable some degree of cross platform testing and help people who want to build a VM on a new platform.


--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com>
Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
===========================================================================
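
The ByteArray-plus-length problem described in the message above, as an added example that is not part of the original post and is not Squeak VM code: a primitive that trusts the caller's length next to one that takes its bounds from the object itself and fails otherwise. The `vm_object` struct, the `prim_copy_*` functions and the `PRIM_*` codes are hypothetical names invented for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap object; NOT the Squeak VM's real layout. */
typedef struct {
    int      is_bytes;   /* 1 if byte-indexable, e.g. a ByteArray */
    size_t   byte_size;  /* size the VM recorded when it allocated the object */
    uint8_t *data;
} vm_object;

enum { PRIM_OK = 0, PRIM_FAIL = -1 };

/* Pattern described in the message: the bound is whatever the caller says. */
int prim_copy_unchecked(const vm_object *o, size_t len, uint8_t *dst)
{
    memcpy(dst, o->data, len);   /* reads past o->data if len is bogus */
    return PRIM_OK;
}

/* Hardened hypothetical primitive: every bound comes from the object or
 * the destination, and the primitive fails instead of touching memory. */
int prim_copy_checked(const vm_object *o, size_t offset, size_t len,
                      uint8_t *dst, size_t dst_cap)
{
    if (o == NULL || dst == NULL || !o->is_bytes || o->data == NULL)
        return PRIM_FAIL;                 /* wrong kind of object */
    if (offset > o->byte_size)
        return PRIM_FAIL;                 /* start outside the object */
    if (len > o->byte_size - offset)      /* subtraction cannot wrap here */
        return PRIM_FAIL;                 /* caller-supplied length too big */
    if (len > dst_cap)
        return PRIM_FAIL;                 /* would overflow the host buffer */
    memcpy(dst, o->data + offset, len);
    return PRIM_OK;
}

int main(void)
{
    uint8_t backing[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed sample */
    vm_object ba = {1, sizeof backing, backing};
    uint8_t out[8];
    printf("honest length: %d\n", prim_copy_checked(&ba, 0, 8, out, sizeof out));
    printf("bogus length:  %d\n", prim_copy_checked(&ba, 0, 4096, out, sizeof out));
    return 0;
}
```

Writing `len > byte_size - offset` after the offset check, instead of `offset + len > byte_size`, keeps the comparison correct when a hostile length is large enough to wrap the addition.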