On Dec 29, 2007 2:08 PM, John M McIntosh <johnmci at smalltalkconsulting.com>
wrote:

> I think perhaps the SqueakELib project should tackle this.
>
> Squeak is not secure and does not pretend to be secure, although there
> are attempts to lock down file/socket access to keep casual users from
> doing undesirable things.  However other forks of the VM like
> SqueakELib want:
>
> " a multithreaded vm for a secure, distributed object implementation"
>
> note the word *secure*
>
> buffer overflows, bytecode hacks, well those all valid tactics against
> *secure* VMs..
>
> so go over there and ask...
> http://wiki.squeak.org/squeak/6011
>
> Otherwise if you can compile smalltalk code that causes the VM to
> crash, then we are always interested, plus you get bonus points if
> that causes VisualWorks to crash too.
>


Sure - so compiler-generated code that can crash the VM is considered a
valid Squeak bug, but hand-crafted malicious bytecodes that crash Squeak are
considered to be the programmer's fault.

My project's page is at http://gulik.pbwiki.com/SecureSqueak. I'm not ready
to start on modifying the VM, but when I get that far, I'll let people like
Ron Teitelbaum know.

Gulik.


-- 
http://people.squeakfoundation.org/person/mikevdg
http://gulik.pbwiki.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20071229/b0be5dbf/attachment.htm