[squeak-dev] Re: Another FFI/Installer issue
stephane ducasse
stephane.ducasse at free.fr
Sun Aug 3 07:05:07 UTC 2008
Hi andreas
could give some examples about the security problems FFI brings into
play (buffer overflow? ... and issues like that?)
Stef
On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote:
> Igor Stasenko wrote:
>> Because of that, i have a strong bias that FFI plugin should be
>> included as internal plugin into VM by default (and FFI package could
>> still be optional, but it should be tested to be able to loaded
>> without problems in ANY image).
>> The arguments for not putting it, some people like repeating, that
>> FFI
>> puts instability into image/VM seem very odd as to me. A running
>> Croquet is best illustration what such arguments worth.
>
> It's not about stability, it's about security. Without the FFI, it
> is possible to have a fairly well sand-boxed environment (see
> Squeakland for example). With the FFI, this is simply impossible.
> That's why the FFI isn't built-in, and likely never will be for any
> VMs that I release.
>
> Cheers,
> - Andreas
>
>
>
More information about the Squeak-dev
mailing list
|