[Pharo-project] [squeak-dev] Security Vunerability in SqueakSource
Marcus Denker
marcus.denker at inria.fr
Mon Mar 21 10:11:00 UTC 2011
On Mar 21, 2011, at 9:27 AM, Tobias Pape wrote:
> Am 2011-03-21 um 03:24 schrieb Matthew Fulmer:
>
>> As demonstrated by the VMMaker team, SqueakSource has a rather
>> serious security vunerability:
>>
>> http://bugs.squeak.org/view.php?id=7617
>>
>> Below is the dialog that led to this discovery:
>>
>
>
> Note that SqueakSource 2 and 3 are unaffected of this bug.
> Moreover, find attached a quick fix that is a backport of
> the conflict handling in SqueakSource 2 to the original
> SqueakSource.
>
Ok, we added the fix.
We verified and versions are not overridden.
The strange thing is that MC in the image thinks it was successful and gets confused.
A restart of the image shows the correcnt data, so on the squeaksource side the
meta data is ok.
So as a first workaround, this is working but we should look into a correct error handling
on the MC on the image side later.
Marcus
--
Marcus Denker -- http://www.marcusdenker.de
INRIA Lille -- Nord Europe. Team RMoD.
More information about the Squeak-dev
mailing list
|