[Pharo-project] [squeak-dev] Security Vunerability in SqueakSource

Marcus Denker marcus.denker at inria.fr
Mon Mar 21 10:11:00 UTC 2011

On Mar 21, 2011, at 9:27 AM, Tobias Pape wrote:

> Am 2011-03-21 um 03:24 schrieb Matthew Fulmer:
>> As demonstrated by the VMMaker team, SqueakSource has a rather
>> serious security vunerability:
>> http://bugs.squeak.org/view.php?id=7617
>> Below is the dialog that led to this discovery:
> Note that SqueakSource 2 and 3 are unaffected of this bug.
> Moreover, find attached a quick fix that is a backport of
> the conflict handling in SqueakSource 2 to the original
> SqueakSource.

Ok, we added the fix.

We verified and versions are not overridden.

The strange thing is that MC in the image thinks it was successful and gets confused.
A restart of the image shows the correcnt data, so on the squeaksource side the
meta data is ok. 

So as a first workaround, this is working but we should look into a correct error handling 
on the MC on the image side later.


Marcus Denker  -- http://www.marcusdenker.de
INRIA Lille -- Nord Europe. Team RMoD.

More information about the Squeak-dev mailing list