On Dec 29, 2007 2:08 PM, John M McIntosh <johnmci@smalltalkconsulting.com> wrote:
I think perhaps the SqueakELib project should tackle this.

Squeak is not secure and does not pretend to be secure, although there
are attempts to lock down file/socket access to keep casual users from
doing undesirable things.  However, other forks of the VM like
SqueakELib want:

"a multithreaded vm for a secure, distributed object implementation"

note the word *secure*

Buffer overflows, bytecode hacks, well, those are all valid tactics against
*secure* VMs.

so go over there and ask...

Otherwise, if you can compile Smalltalk code that causes the VM to
crash, then we are always interested, plus you get bonus points if
that causes VisualWorks to crash too.

Sure - so compiler-generated code that can crash the VM is considered a valid Squeak bug, but hand-crafted malicious bytecodes that crash Squeak are considered to be the programmer's fault.

My project's page is at http://gulik.pbwiki.com/SecureSqueak. I'm not ready to start on modifying the VM, but when I get that far, I'll let people like Ron Teitelbaum know.