Issues creating instance of SmallInteger

Philippe Marschall philippe.marschall at gmail.com
Sat May 13 14:32:10 UTC 2006


2006/5/13, Alejandro F. Reimondo <aleReimondo at smalltalking.net>:
>
> >An exploit for this would look like this:
> >Object readFrom: 'SmalltalkImage current snapshot: false andQuit: true'
>
> It is like turning off the computer...

Yes, it is also called a DoS attack.

> In practice, use of free scripting has brought powerful
>  experiences for "power" users using commercial
>  applications in small and big products.
> Smalltalk lets power users talk to your system's objects,
>  and you can publish the high level language you want
>  to be used and expose the objects they need in the
>  context of application.

Yes, and by doing Object/Boolean class >> #readFrom: on data received
from the web you give the same power to blackhat hackers. No longer do
they need to write their exploits in hardware language. They can use
Smalltalk source code, which is high-level and portable. They can also
make use of powerful Smalltalk features like:
- walk over all instances of all classes that have "user" in their
name and inspect them
- use the compiler (add or change classes or methods)
- change the compiler
- change the tools to not show code they added or changed
- use FFI
- send the whole image somewhere
- ...

Philippe
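
Added example, not part of the original thread or of Squeak itself: one way to accept an integer or boolean from untrusted text without calling #readFrom:, so the input is never handed to the compiler. It is written as Squeak workspace code; the block names, the 18-digit limit and the sample strings are assumptions made for illustration.

```smalltalk
"Strict literal parsing for untrusted input. Nothing here evaluates the
 string as Smalltalk source; each character is only compared and converted."
| parseInteger parseBoolean samples |

"Answers an Integer, or nil when the text is anything other than an
 optional leading minus sign followed by 1 to 18 ASCII digits (assumed limit)."
parseInteger := [:aString | | negative digits value |
    negative := aString notEmpty and: [aString first = $-].
    digits := negative
        ifTrue: [aString copyFrom: 2 to: aString size]
        ifFalse: [aString].
    (digits isEmpty
        or: [digits size > 18
        or: [digits anySatisfy: [:c | (c between: $0 and: $9) not]]])
            ifTrue: [nil]
            ifFalse: [
                value := digits
                    inject: 0
                    into: [:acc :c | acc * 10 + c digitValue].
                negative ifTrue: [value negated] ifFalse: [value]]].

"Answers true or false only for the exact literals; nil for everything else."
parseBoolean := [:aString |
    aString = 'true'
        ifTrue: [true]
        ifFalse: [aString = 'false' ifTrue: [false] ifFalse: [nil]]].

"Constructed sample inputs. The last one is the string quoted in the thread;
 here it is plain data and is rejected like any other non-literal."
samples := #('42' '-7' '' '12abc' 'true'
    'SmalltalkImage current snapshot: false andQuit: true').

"Print this expression to see, per input, what each parser answers."
samples collect: [:each |
    each -> (Array
        with: (parseInteger value: each)
        with: (parseBoolean value: each))]
```

A nil answer means the input was rejected; the caller decides how to report that, and no code from the request is ever compiled or run.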



More information about the Squeak-dev mailing list