[squeak-dev] Security Vulnerability in SqueakSource

Bert Freudenberg bert at freudenbergs.de
Mon Mar 21 10:20:27 UTC 2011


It's surprising to me that you find this "news". 

SqueakSource is simply a WebDAV server. All the versioning logic is local, implemented in Monticello, so allowing overwrites is not really SqueakSource's "fault". Besides, even if SqueakSource disallowed overwriting a version (which it probably should), nothing would prevent somebody else from uploading a *new* version that did something bad.

Loading Squeak code is inherently dangerous. Installing code usually executes "initialize" methods immediately. That could easily wipe your disk, since almost nobody is using the VM's sandbox (AFAIK, only Etoys uses that feature). OTOH this is not much different from installing a Linux package which also executes "install scripts" that potentially could do a lot of danger. But e.g. the trunk repository is not world-writable so there is no immediate risk.

It would be a lot safer if we had signed MCZ packages. Or even better, a tamper-proof history (like git).

- Bert -

On 21.03.2011, at 03:24, Matthew Fulmer wrote:

> As demonstrated by the VMMaker team, SqueakSource has a rather
> serious security vulnerability:
> 
> http://bugs.squeak.org/view.php?id=7617
> 
> Below is the dialog that led to this discovery:
> 
> 
> On Sun, Mar 20, 2011 at 11:26:20AM -0700, Eliot Miranda wrote:
>>>> Hmm, wouldn't applying the “default” naming scheme prevent such
>>> overwrites?
>>>> 
>>>> That is, now there would be
>>>>       VMMaker-oscog-eem.52
>>>> for Elliots version and
>>>>       VMMaker-oscog-IgorStasenko.52
>>>> for Igors version.
>>>> What would prevent us from that?
>>>> 
>>>> I don't see a naming conflict.  I've been using VMMaker-oscog.NN since
>>> the beginning and Igor has been using  VMMaker-oscog-IgorStasenko.NN.  This
>>> isn't about names, it's about content.  Igor is miffed I didn't merge in
>>> some changes he made when I published VMMaker-oscog.52, right Igor?
>>>> 
>>> 
>>> No, you—obviously accidentally—overwrote his version of the 18th of March:
>>> 
>> 
>> So how did Monticello allow me to do that?  That's a /bad/ bug.
>> 
>> 
>>> 
>>>>>> 
>>> Name: VMMaker-oscog.52
>>> Author: IgorStasenko
>>> Time: 18 March 2011, 12:45:14 am
>>> UUID: a2810aac-4423-6740-b70e-7e821b979cb4
>>> Ancestors: VMMaker-oscog-IgorStasenko.50,
>>> VMMaker-oscog-EstebanLorenzano.50, VMMaker-oscog.51
>>> 
>>> Merge with oscog-49-51 &  Esteban-50
>>> <<<<
>>> 
>>> which has the same file name as yours:
>>> 
>>>>>> 
>>> Name: VMMaker-oscog.52
>>> Author: eem
>>> Time: 20 March 2011, 9:31:20 am
>>> UUID: 1241a856-8570-4725-a069-a6d3d8a8a222
>>> Ancestors: VMMaker-oscog.51
>>> 
>>> Fix primitiveFlushCacheByMethod for objects-as-methods.
>>> <<<<
> 
> -- 
> Matthew Fulmer (a.k.a. Tapple)
> 
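Bert's two suggestions above, refusing to overwrite a version name that is already published and keeping a tamper-proof history, as an added Python illustration that is not SqueakSource or Monticello code; Repository, put and verify_history are hypothetical names, and the package contents are constructed from the version summaries quoted in the thread:

```python
import hashlib
import json
from dataclasses import dataclass, field

class VersionExistsError(Exception):
    """A PUT tried to replace an already-published version with different bytes."""
def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Repository:
    """Hypothetical write-once package store with a hash-chained upload log."""
    files: dict = field(default_factory=dict)  # version name -> package bytes
    log: list = field(default_factory=list)    # ordered, chained upload records
    def put(self, name: str, author: str, data: bytes) -> str:
        """Store a version; re-uploading identical bytes is fine, overwriting is refused."""
        digest = sha256(data)
        if name in self.files:
            if sha256(self.files[name]) == digest:
                return digest  # same bytes again: nothing changes, nothing to log
            raise VersionExistsError(f"{name} is already published; use a new version number")
        prev = self.log[-1]["entry_hash"] if self.log else "0" * 64
        payload = json.dumps({"name": name, "author": author, "sha256": digest, "prev": prev}, sort_keys=True)
        self.files[name] = data
        self.log.append({"payload": payload, "entry_hash": sha256(payload.encode())})
        return digest
    def verify_history(self) -> bool:
        """Recompute the chain and check every stored file against what was logged."""
        prev = "0" * 64
        for rec in self.log:
            fields = json.loads(rec["payload"])
            if fields["prev"] != prev or sha256(rec["payload"].encode()) != rec["entry_hash"]:
                return False  # a record was edited, removed or reordered
            if sha256(self.files.get(fields["name"], b"")) != fields["sha256"]:
                return False  # file replaced behind the server's back
            prev = rec["entry_hash"]
        return True

def replay_scenario() -> dict:
    """Replays the VMMaker-oscog.52 collision from the thread with constructed contents."""
    repo = Repository()
    repo.put("VMMaker-oscog.52", "IgorStasenko", b"Merge with oscog-49-51 & Esteban-50")
    try:
        repo.put("VMMaker-oscog.52", "eem", b"Fix primitiveFlushCacheByMethod")
        refused = False
    except VersionExistsError:
        refused = True
    intact_before = repo.verify_history()
    # A raw WebDAV overwrite bypasses put(); the chained log still exposes it.
    repo.files["VMMaker-oscog.52"] = b"Fix primitiveFlushCacheByMethod"
    return {"refused": refused, "intact_before": intact_before, "intact_after": repo.verify_history()}
```

The second upload under the same name is rejected at put(), and a file swapped underneath the server is caught by verify_history() because its bytes no longer match the logged digest.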