[FIX][VM] Secure image writing

Tim Rowledge tim at sumeru.stanford.edu
Thu Mar 7 16:35:28 UTC 2002


Bert Freudenberg <bert at isg.cs.uni-magdeburg.de> is claimed by the authorities to have written:

> Image writing was not disabled in restricted mode. Someone replaced the
> static call to ioCanWriteImage with a dynamic lookup and made a typo in
> the function name string.
I don't think that's actually the case; it should indeed be
ioCanWriteImage these days. It has a dynamic lookup even if the plugin
is built internal.

> If it wasn't a string, the compiler would have
> caught the error. Why is this dynamically loaded anyway? We surely
> don't ever want the SecurityPlugin to be compiled externally!
Why not? It would be perfectly usable that way. When doing development it
might even be useful to delete it and then replace it for secure
testing.
There is a really big hole in the idea of the security plugin anyway;
build the plugin internal but then write a fake one with security
turned off (just copy the code that used to be in various unix files
faking it out) and stick it in the right place. This will override
the internal one and open your kimono whether you like it or not.


tim
-- 
Tim Rowledge, tim at sumeru.stanford.edu, http://sumeru.stanford.edu/tim
Strange OpCodes: ARG: Agree to Run Garbage
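The failure mode discussed in this thread, as an added illustration that is not Squeak VM code: a plugin function looked up by its name string, where a misspelled name makes the lookup return NULL, and the difference between treating that as "allowed" (fail-open) and as "denied" (fail-closed). The export table, the `restrictedMode` flag and the misspelled name are constructed for the example.

```c
/* Added example (not Squeak VM code): dynamic lookup of a security
 * plugin function by name, fail-open versus fail-closed. */
#include <stdio.h>
#include <string.h>

typedef int (*sqIntFn)(void);

/* Constructed stand-in for the SecurityPlugin export: in restricted
 * mode the image may not be written. */
static int restrictedMode = 1;
void setRestrictedMode(int on) { restrictedMode = on; }
static int ioCanWriteImage(void) { return !restrictedMode; }

/* Constructed export table, as an internally built plugin might expose it. */
static const struct { const char *name; sqIntFn fn; } exports[] = {
    { "ioCanWriteImage", ioCanWriteImage },
    { NULL, NULL }
};

/* Look up an export by its name string; NULL if absent or misspelled. */
static sqIntFn lookupExport(const char *name) {
    for (int i = 0; exports[i].name; i++)
        if (strcmp(exports[i].name, name) == 0) return exports[i].fn;
    return NULL;
}

/* Fail-open: a failed lookup (e.g. a typo in the name string) silently
 * permits the write, which is the defect the thread describes. */
int canWriteImageFailOpen(const char *lookupName) {
    sqIntFn fn = lookupExport(lookupName);
    return fn ? fn() : 1;
}

/* Fail-closed: a failed lookup denies the write; only an explicit yes
 * from the plugin allows it. */
int canWriteImageFailClosed(const char *lookupName) {
    sqIntFn fn = lookupExport(lookupName);
    return fn ? fn() : 0;
}

int main(void) {
    /* "ioCanWritImage" is a constructed misspelling, not the real typo. */
    printf("correct name, fail-open:   %d\n", canWriteImageFailOpen("ioCanWriteImage"));
    printf("misspelled, fail-open:     %d\n", canWriteImageFailOpen("ioCanWritImage"));
    printf("misspelled, fail-closed:   %d\n", canWriteImageFailClosed("ioCanWritImage"));
    return 0;
}
```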