Plugin Security (Was Re: How do I create a SqueakPlugin.image from a 2.9a ?)

John.Maloney at disney.com John.Maloney at disney.com
Fri Jan 26 03:10:44 UTC 2001


Luciano,

How can you use #become: to write to an arbitrary place
in memory? I'm not quite seeing it...

You definitely noticed a clever loophole via primitive 117,
although Andreas sees a way to fix it. Thanks!

There are probably a huge number of ways to crash the
Squeak VM itself. However, we're more anxious to prevent
damage to users' files or the leaking of the user's private
data via a socket connection. (The last is why the plugin VM
tries to prevent reading, as well as writing, of files
outside the sandbox.)

Squeak does support code signing via DSA, but it lacks
a certificate mechanism for key distribution. But even if it
had one, we'd need some kind of organization to pass out
certificates to people, and some way to ensure accountability.
Sure, we could invalidate a certificate if someone does
something bad, but what's to prevent that person from
getting another certificate under some other user name?
You'd really need to require proof of identity before
issuing a certificate, or they don't provide any real
accountability. (Accountability means we could find and
punish someone who does something bad.)

Digital signatures are still useful to prove that some bundle
of bits came from a well-known agency, such as Disney or
Squeak Central. We may well use DSA for system updates, VM
distribution, etc.

>Removing write access to files is not enough. I think
>I can manage to write to an arbitrary place of the
>memory (and thus execute arbitrary code) using
>#become:. And there might be other ways to do this
>too... like replacing a CompiledMethod by a primitive
>method with primitive 117 (externalCall) and put in
>the first literal an array like described in
>Interpreter|primitiveExternalCall but with the
>appropriate address in the last position. I'm not sure
>this will work... I never tried it.
>
>Here's a challenge: find all possible ways to execute
>arbitrary code from Squeak.
>
>Cheers,
>Luciano.-





