Plugin Security (Was Re: How do I create a SqueakPlugin.image from a 2.9a ?)

Luciano Notarfrancesco lnotarfrancesco at yahoo.com
Tue Jan 23 03:23:21 UTC 2001


Removing write access to files is not enough. I think
I can manage to write to an arbitrary place of the
memory (and thus execute arbitrary code) using
#become:. And there might be other ways to do this
too... like replacing a CompiledMethod by a primitive
method with primitive 117 (externalCall) and put in
the first literal an array like described in
Interpreter|primitiveExternalCall but with the
appropriate address in the last position. I'm not sure
this will work... I never tried it.

Here's a challenge: find all possible ways to execute
arbitrary code from Squeak.

Cheers,
Luciano.-


--- Russell Allen <russell.allen at firebirdmedia.com> wrote:
> Karl Ramberg <karl.ramberg at chello.se> wrote:
> > Russell Allen wrote:
> > > I guess it depends whether we think people using the plugin will need
> > > the source - personally I would like SqueakPlugin.image to be a shrunk
> > > image but still be with changes and source files (can we shrink them
> > > too?  Or offload the comments to a website somewhere?)
> > 
> > I think there is an issue with security and therefore only saving to the
> > image file is enabled.
> 
> I appear to be able to read and write the entire directory that the
> image is in.  On Windows machines this is the directory that all of the
> plugins are in, so theoretically I could write a squeaklet that deleted
> all competing plugins such as shockwave and flash :)
> 
> Worse, I could replace them (and Squeak) with alternate binaries :(
> 
> Even if I was only allowed to save the image, I could at the very least
> mount a DOS attack on the machine by filling the HD up with an image
> bloated with random data.
> 
> Obviously in time a full security system with sandpits and trust levels
> would be nice; in the meantime could we disable the ability of
> SqueakAsPlugin to write to the local drive at all?  (With the exception
> of automatic updates to the VM/image - maybe that should be done at the
> VM level? With cryptographically signed updates? :)
> 
> Cheers,
> 
> Russell
> 
> ----------------------------------------
> Russell Allen
> 
> russell.allen at firebirdmedia.com
> 
> ----------------------------------------
> 







More information about the Squeak-dev mailing list