Issues creating instance of SmallInteger
Alejandro F. Reimondo
aleReimondo at smalltalking.net
Sat May 13 13:27:10 UTC 2006
>An exploit for this would look like this:
>Object readFrom: 'SmalltalkImage current snapshot: false andQuit: true'
It is like turning off the computer...
e.g. I can do the same by hardware.
How you make the software "secure" to do not let my children
turn off my computer when I am using Squeak?
In practice, use of free scripting has bring powerfull
experiences for "power"users ussing commercial
applications in small and big products.
Smalltalk let power users talk to your system's objects,
and you can publish the hight level language you want
to be used and expose the objects they need in the
context of application.
The mechanism promoted with Parts (VS) was very interesting
and not followed by any other dialect of smalltalk (imho because
it's power requires experience in it's use to be observed).
Parts let power user's customize teh GUI of the product
following the constrains emerging from the underlying
model of the core system.
It was better than compilation because parts was loaded/saved
in binary mode and do not requires compilation (a really
slooow process)
best;
Ale.
----- Original Message -----
From: "Philippe Marschall" <philippe.marschall at gmail.com>
To: "The general-purpose Squeak developers list"
<squeak-dev at lists.squeakfoundation.org>
Sent: Saturday, May 13, 2006 7:20 AM
Subject: Re: Re: Issues creating instance of SmallInteger
> For the purpose of generating a SmallInteger (from XML ya know..), Object
readFrom:'42' works just fine!
Do _not_ do that. This is a _huge_ security hole. What it does it
evalutates the string. This string can be any Smalltalk code. This way
you have aribrary code execution in Smalltalk.
An exploit for this would look like this:
Object readFrom: 'SmalltalkImage current snapshot: false andQuit: true'
Do
Number readFrom: aString
instead. This has its own problems like that
Number readFrom: 'garbage'
returns 0 but this will be fixed and at leas it's safe.
Please not that also Boolean class >> #readFrom: is borken in the same
way. This is the reason why you can execute arbitrary Smalltalk code
in every Squeak image that uses SOAP either as client or server.
Combine that with FFI and X11 root exploits and you have a nightmare.
Cheers
Philippe
More information about the Squeak-dev
mailing list
|