[Cryptography Team] Securing the VM and Image
John M McIntosh
jmmcintosh at gmail.com
Tue Aug 1 07:14:02 UTC 2006
mmm, in looking it seems we check length versus data in all the
places a cursory scan show, but.
What if I pass -1 as width to
primitiveWrite24BmpLine
or
perhaps pass something odd to
primAECoerceDesc: typeCode to: result.
On 31-Jul-06, at 10:49 PM, Andreas Raab wrote:
> John M McIntosh wrote:
>> Ah, I'll note that the squeak VM really hasn't been hardened
>> against attack, it's much less paranoid than the VW VM.
>> In many places we might pass a ByteArray and a length, where the
>> length is calculated from the ByteArray in Smalltalk however
>> nothing prevents someone from making that VM call with a bogus
>> ByteArray and length and see if something interesting will happen.
>
> Which places are that?
>
> Cheers,
> - Andreas
>
--
========================================================================
===
John M. McIntosh <johnmci at smalltalkconsulting.com>
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
========================================================================
===
More information about the Squeak-dev
mailing list
|