On 31-Jul-06, at 1:50 PM, Hans-Martin Mosner wrote:
> Some unstructured ideas from the top of my head: Securing a Smalltalk image is pretty difficult. The VM protects the system against a number of security holes such as buffer overflows etc. which would allow external attackers to compromise security.
Ah, I'll note that the Squeak VM really hasn't been hardened against attack; it's much less paranoid than the VW VM. In many places we might pass a ByteArray and a length, where the length is calculated from the ByteArray in Smalltalk; however, nothing prevents someone from making that VM call with a bogus ByteArray and length and seeing if something interesting will happen. Of course, if the host operating system API provides some interesting side effect when passing correctly constructed information (from our viewpoint), the VM won't prevent the attack.
> Really *all* VM entry points would need to be looked at in a proper audit to avoid buffer overflow issues, even perhaps accidents, which generally are fatal.
Yes yes, someday I promised to make a list of the entry points; however, workload seems to be stalling that event. Perhaps someone would be interested? That also needs to be done in order to create a set of SUnits so we can enable some degree of cross-platform testing and help people who want to build a VM on a new platform.
--
John M. McIntosh <johnmci@smalltalkconsulting.com>
Corporate Smalltalk Consulting Ltd.
http://www.smalltalkconsulting.com
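To make the "ByteArray and length" point above concrete, here is an added example (not code from the thread or from the Squeak VM) of the checks a hardened primitive entry point would perform before touching memory. The object layout (`Oop` with an `is_bytes` flag and a `byte_size` field) and the `prim_copy_bytes` / `check_args` names are constructed stand-ins, not the real VM's interpreterProxy API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for an oop handed to a primitive: the object records
 * its own format and byte size; start index and count arrive from Smalltalk
 * and are untrusted. (Not the Squeak VM's real object layout.) */
typedef struct {
    int is_bytes;          /* 1 if this is a byte-indexable object (ByteArray/String) */
    size_t byte_size;      /* number of indexable bytes, from the object header */
    uint8_t bytes[32];
} Oop;

enum { PRIM_OK = 0, PRIM_FAIL = -1 };

/* Hardened form of a "copy count bytes starting at start (1-based)" entry
 * point. Every argument is validated against what the VM itself knows about
 * the object; on any mismatch the primitive fails cleanly instead of reading
 * or writing out of bounds, so a bogus length from the image is harmless. */
int prim_copy_bytes(uint8_t *dst, size_t dst_capacity,
                    const Oop *src, size_t start, size_t count)
{
    if (src == NULL || !src->is_bytes) return PRIM_FAIL;   /* wrong class of object */
    if (start < 1) return PRIM_FAIL;                        /* Smalltalk indices are 1-based */
    if (start - 1 > src->byte_size) return PRIM_FAIL;      /* start past the end */
    /* byte_size - (start - 1) is what is actually available; comparing this
     * way avoids the wraparound that (start - 1) + count could produce. */
    if (count > src->byte_size - (start - 1)) return PRIM_FAIL;
    if (count > dst_capacity) return PRIM_FAIL;             /* destination too small */
    memcpy(dst, src->bytes + (start - 1), count);
    return PRIM_OK;
}

/* Exercises the check against a constructed 8-byte ByteArray. */
int check_args(size_t start, size_t count)
{
    Oop ba = { 1, 8, { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' } };
    uint8_t out[16];
    return prim_copy_bytes(out, sizeof out, &ba, start, count);
}

/* Same call, but the object is not byte-indexable (e.g. a pointer object). */
int check_non_bytes(void)
{
    Oop obj = { 0, 8, { 0 } };
    uint8_t out[16];
    return prim_copy_bytes(out, sizeof out, &obj, 1, 4);
}
```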