--- John.Maloney@disney.com wrote:
Luciano,
How can you use #become: to write to an arbitrary place in memory? I'm not quite seeing it...
Hmm... sorry John, I'm not seeing it either. ;) I'm quite sure I had an idea to do this some months ago. Probably I just got confused.
Anyway, here's another possible loophole, although not so easy to exploit at first sight. Over a year ago there was a discussion in the list about how to get the memory address of an object, and how to find the object corresponding to a given memory address. Someone showed that this can be done with no need to introduce new primitives. (The code is attached at the end of this mail.) Now, if you are lucky enough to find something in memory that looks like a ByteArray, for instance, then you can send at:put: to that fake ByteArray. *OR*, you can create aByteArray whose contents look like the header of a very big ByteArray, and then you can get the object at aByteArray memoryAddress + aByteArray size. Using this you could do an at:put: to an arbitrary place in the heap above the object memory. Quite probably this can be used to execute arbitrary code, at least in Linux.
I'm sorry if this sounds pedantic. It's just that I like this subject so much that I let myself go.
Digital signatures are still useful to prove that some bundle of bits came from a well-known agency, such as Disney or Squeak Central. We may well use DSA for system updates, VM distribution, etc.
Yes. That would be wonderful. As you point out, a full digital signature scheme for Squeak is impractical because it would require a big organization behind it.
Anyway, Squeak is probably already a lot safer than many Microsoft systems ;) I'm not really "worried" about security issues in Squeak. The only reason I'm talking about this is that I like the subject of computer security, and it's especially interesting applied to Smalltalk.
Cheers, Luciano.-
Luciano Notarfrancesco wrote:
--- John.Maloney@disney.com wrote:
Luciano,
How can you use #become: to write to an arbitrary place in memory? I'm not quite seeing it...
Hmm... sorry John, I'm not seeing it either. ;) I'm quite sure I had an idea to do this some months ago. Probably I just got confused.
It's possible to corrupt memory, but probably very difficult to exploit the effect for anything else than a denial-of-service attack: Suppose you have classes A and B. A has one inst var called 'x', B has none. The following method in A is able to write beyond the bounds of an object, possibly into the header of another object:
!A methodsFor: 'dirty stuff'!
doDirtyStuffWith: anInstanceOfB
	"After the become:, self is the (smaller) instance of B, but the compiled store to x still targets A's slot, so it lands past the end of the object, possibly in the next object's header."
	self become: anInstanceOfB.
	x := 'dirty stuff'! !
Hackers might be ingenious enough to find a way to exploit this. I currently can't think of any, but my hacker skills are a bit rusty now :-)
Digital signatures are still useful to prove that some bundle of bits came from a well-known agency, such as Disney or Squeak Central. We may well use DSA for system updates, VM distribution, etc.
Yes. That would be wonderful. As you point out, a full digital signature scheme for Squeak is impractical because it would require a big organization behind it.
In SCAN, I have implemented a scheme based on DSA which I believe is fairly usable. It's missing a certificate mechanism, but I have already some approaches in mind:
1. An e-mail based approach, where the server accepting a user entry could at least verify that the e-mail address given reaches the person having the appropriate private key. This is similar to some mailing list subscription mechanisms.
2. A PGP-like approach where users issue certificates for others after verifying their identity.
Probably the best thing would be to use the PGP key infrastructure and implement OpenPGP (or some reasonable subset) functionality in Squeak. I started that once but got distracted by other projects.
Bye, Hans-Martin
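Approach 1 above, sketched as an added Python example (not SCAN's code or anything posted in the thread): the registrar mails a one-time challenge to the given address and binds the submitted public key to that address only if the reply carries a valid DSA signature on the challenge. The DSA group constants and the Registrar class are assumptions made here for illustration; the group is a toy one so the arithmetic stays readable.

```python
import hashlib
import secrets

# Toy DSA group, constructed for readability: P and Q are prime, Q divides
# P-1, and G = 4 generates the order-Q subgroup mod P. A real deployment uses
# standard-size parameters; the signing and verification arithmetic is the same.
P, Q, G = 2039, 1019, 4

def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q  # H(m) mod Q

def generate_keypair():
    x = secrets.randbelow(Q - 1) + 1      # private key x in [1, Q-1]
    return x, pow(G, x, P)                # (x, y = G^x mod P)

def sign(msg: bytes, x: int):
    h = hash_to_int(msg)
    while True:
        k = secrets.randbelow(Q - 1) + 1  # fresh per-signature nonce
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h + x * r) % Q
        if r and s:                       # DSA rejects r == 0 or s == 0
            return r, s

def verify(msg: bytes, sig, y: int) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = hash_to_int(msg) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r

class Registrar:
    """Server side of the e-mail check: mail a one-time challenge, then
    bind the key to the address only if the reply is signed by that key."""
    def __init__(self):
        self.pending = {}   # email -> (public key, outstanding challenge)
        self.accepted = {}  # email -> public key

    def request_entry(self, email: str, y: int) -> bytes:
        challenge = secrets.token_bytes(16)  # what the server mails out
        self.pending[email] = (y, challenge)
        return challenge

    def confirm(self, email: str, sig) -> bool:
        y, challenge = self.pending.pop(email, (None, None))  # single use
        if y is None or not verify(challenge, sig, y):
            return False
        self.accepted[email] = y
        return True
```

A replayed or unsolicited confirmation fails because the challenge is removed from the pending table the first time it is consumed.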