[squeak-dev] Re: Another FFI/Installer issue

stephane ducasse stephane.ducasse at free.fr
Sun Aug 3 07:05:07 UTC 2008


Hi andreas

could give some examples about the security problems FFI brings into  
play (buffer overflow? ... and issues like that?)

Stef

On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote:

> Igor Stasenko wrote:
>> Because of that, i have a strong bias that FFI plugin should be
>> included as internal plugin into VM by default (and FFI package could
>> still be optional, but it should be tested to be able to loaded
>> without problems in ANY image).
>> The arguments for not putting it, some people like repeating, that  
>> FFI
>> puts instability into image/VM seem very odd as to me. A running
>> Croquet is best illustration what such arguments worth.
>
> It's not about stability, it's about security. Without the FFI, it  
> is possible to have a fairly well sand-boxed environment (see  
> Squeakland for example). With the FFI, this is simply impossible.  
> That's why the FFI isn't built-in, and likely never will be for any  
> VMs that I release.
>
> Cheers,
>  - Andreas
>
>
>




More information about the Squeak-dev mailing list