ok, I get it. Ignore the previous message. Apologies.
On Fri, Jul 10, 2009 at 11:29 AM, John M McIntosh
<johnmci@smalltalkconsulting.com> wrote:
As a reminder if this is being executed on a closure VM there is a bug in the VM where interacting with the SecurityPlugin
can cause the VM to crash even if the image is not a closure based image. I attached the earlier note detailing this problem
On 10-Jul-09, at 10:16 AM, Yoshiki Ohshima wrote:
At Fri, 10 Jul 2009 08:26:49 -0700,
Yoshiki Ohshima wrote:
At Fri, 10 Jul 2009 00:10:10 -0700,
Andreas Raab wrote:
The installer works fine but once I've installed it I get VM crashes
when trying to use the plugin a browser, regardless of which browser
(Firefox, IE7, Chrome).
The crashes are extremely similar, see below:
Thank you for testing. I do get the crash, actually, too.
One theory floating was OggPlugin, but removing it seems to take any
effect. As the debug log suggests, it could be in the security
plugin. I wonder what has changed. I'll look into it.
It works fine with the VM we used to distribute with the previous
public installer, which claim to be 3.10.10 but I think with some
modification on the SecurityPlugin where it expands the
pseudo-variables like %MYDOCUMENTS% in etoys.ini. (But after
substituting them in the .ini files it still crashes, so the expanding
them may not be a problem.)
If I put self halt in #enterRestrictedMode and step execute it, it
goes through fine. It seems to suggest that some stack unbalance in a
primitive (disableFileAccess or disableImageWrite) may be the issue.
For the interest of release time, I think I put up an installer with
the old VM for now, and look into the difference from it and 3.11.2
VM.
-- Yoshiki
----------
Begin forwarded message:
From: John M McIntosh <johnmci@smalltalkconsulting.com>
Date: May 3, 2009 1:58:29 PM PDT (CA)
To: Andreas Raab <andreas.raab@gmx.de>
Subject: Fwd: Squeak crash
Sent from my iPhone
Begin forwarded message:
From: John McIntosh <johnmci@smalltalkconsulting.com>
Date: May 3, 2009 1:43:21 PM PDT (CA)
To: Eliot Miranda <eliot.miranda@gmail.com>
Cc: Bert Freudenberg <bert@freudenbergs.de>
Subject: Re: Squeak crash
Ok I'm older and wiser this morning now if I had turned check for
balanced stacks about a day ago the answer would be clearer.It seem
the code in disable read write pops the stack which unbalanced it.
Then the push literal sticks that constant in but then the method
return true uses that as the content index where in the past that slot
wasn't used or critical, so now you die
I think andreas wrote the original security code, also was there not
some recovery code for unbalanced stacks somewhere? My concern is
there other example of this which we not yet crashed over. So how
would we fix the VM to avoid? Or do we need to check all the plugin
prim code for coding issues.
On 5/2/09, John M McIntosh <johnmci@smalltalkconsulting.com> wrote:
On 30-Apr-09, at 9:12 AM, Eliot Miranda wrote:
John,
I owuld run under gdb, put a halt somehwere after the context is
created and before the primitive is called at put a watch on the
address of closureOrNil.
Ok, I'm older, but not sure I"m wiser... However
what i did is use some of the message send tracing code to break at
the point of the enterRestrictedMode send, then look at the method
contexts being allocated.
A quick check showed the message context was the third back from the
point of break on message send of enterRestrictedMode/
problem context is at
S2077c9cc <----- third back
S207a1644
S207a16a0(gdb) hereweare
Undefined command: "hereweare". Try "help".
(gdb) 1f4367a4 is the problem at 0x14 from 2077c9cc
5f e3 9a 05 80 bc 77 20 e3 00 00 00 01 00 00 00
80 86 42 20 a4 67 43 1f 30 3b 8f 1f 30 3b 8f 1f
method is
enterRestrictedMode
run again, now the context is 0x2077ceac, a set up of a
watch location for 0x14 from the start of the context triggers on the
longAtPointerput.
CASE(81)
/* pushLiteralVariableBytecode */
{
flag("requires currentBytecode to be expanded to a constant");
/* begin fetchNextBytecode */
currentBytecode = byteAtPointer(++localIP);
/* begin pushLiteralVariable: */
/* begin internalPush: */
longAtPointerput(localSP += BytesPerWord, longAt(((longAt((foo-
method + BaseHeaderSize) + (((81 & 31) + LiteralStart) <<
ShiftForWord))) + BaseHeaderSize) + (ValueIndex << ShiftForWord)));
}
;
localReturnContext is 0x2077ceac
localHomeContext is 0x2077ceac
local SP is 0x2077cec0
local IP is 0x204286fc
currentByteCode is 112
which stuffs 0x1f4367a4 into 0x2077cec0 which
is offset 0x14 in localReturnContext
then on the returnTrue for context 0x2077ceac we see the 0x1f4367a4
and start the while loop until we get a memory exception...
So let's look at the code.
enterRestrictedMode
"Some insecure contents was encountered. Close all doors and proceed."
self isInRestrictedMode ifTrue:[^true].
(SugarLauncher isRunningInRainbow or: [Preferences
securityChecksEnabled not]) ifTrue: [^true]. "it's been your choice..."
Preferences warnAboutInsecureContent ifTrue:[
(PopUpMenu confirm:
'You are about to load some insecure content.
If you continue, access to files as well as
some other capabilities will be limited.' translated
trueChoice:'Load it anyways' translated
falseChoice:'Do not load it' translated) ifFalse:[
"user doesn't really want it"
^false.
].
].
"here goes the actual restriction"
self flushSecurityKeys.
self disableFileAccess.
self disableImageWrite.
"self disableSocketAccess."
FileDirectory setDefaultDirectory: self untrustedUserDirectory.
^true
I note we are at case(81) which is hex 51 which I guess would be the
120 <51> pushLit: FileDirectory
81 <70> self
82 <D0> send: isInRestrictedMode
83 <98> jumpFalse: 85
84 <79> return: true
85 <45> pushLit: SugarLauncher
86 <D4> send: isRunningInRainbow
87 <99> jumpFalse: 90
88 <71> pushConstant: true
89 <92> jumpTo: 93
90 <43> pushLit: Preferences
91 <D2> send: securityChecksEnabled
92 <D1> send: not
93 <98> jumpFalse: 95
94 <79> return: true
95 <43> pushLit: Preferences
96 <DC> send: warnAboutInsecureContent
97 <AC 0C> jumpFalse: 111
99 <47> pushLit: PopUpMenu
100 <29> pushConstant: 'You are about to load some insecure content.
If you continue, access to files as well as
some other capabilities will be limited.'
101 <D8> send: translated
102 <2A> pushConstant: 'Load it anyways'
103 <D8> send: translated
104 <2B> pushConstant: 'Do not load it'
105 <D8> send: translated
106 <83 66> send: confirm:trueChoice:falseChoice:
108 <A8 01> jumpTrue: 111
110 <7A> return: false
111 <70> self
112 <DD> send: flushSecurityKeys
113 <87> pop
114 <70> self
115 <DE> send: disableFileAccess
116 <87> pop
117 <70> self
118 <DF> send: disableImageWrite
119 <87> pop
120 <51> pushLit: FileDirectory
121 <70> self
122 <83 12> send: untrustedUserDirectory
124 <83 30> send: setDefaultDirectory:
126 <87> pop
127 <79> return: true
Let's see if anything looks interesting
disableImageWrite
"SecurityManager default disableImageWrite"
"Primitive. Disable writing to an image file.
Cannot be revoked from the image."
<primitive: 'primitiveDisableImageWrite' module: 'SecurityPlugin'>
^self primitiveFailed
EXPORT(sqInt) primitiveDisableImageWrite(void) {
ioDisableImageWrite();
if (!(interpreterProxy->failed())) {
interpreterProxy->pop(1);
}
}
int ioDisableImageWrite() {
allowImageWrite = 0;
return 0;
}
disableFileAccess
"SecurityManager default disableFileAccess"
"Primitive. Disable unlimited access to files.
Cannot be revoked from the image."
<primitive: 'primitiveDisableFileAccess' module: 'FilePlugin'>
^self primitiveFailed
EXPORT(sqInt) primitiveDisableFileAccess(void) {
if (sDFAfn != 0) {
((sqInt (*)(void))sDFAfn)();
}
if (!(interpreterProxy->failed())) {
interpreterProxy->pop(1);
}
}
sDFAfn = interpreterProxy->ioLoadFunctionFrom("secDisableFileAccess",
"SecurityPlugin");
EXPORT(sqInt) secDisableFileAccess(void) {
return ioDisableFileAccess();
}
/* disabling/querying */
int ioDisableFileAccess(void) {
allowFileAccess = 0;
return 0;
}
=
=
=
========================================================================
John M. McIntosh <johnmci@smalltalkconsulting.com> Twitter:
squeaker68882
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
=
=
=
========================================================================
--
===========================================================================
John M. McIntosh <johnmci@smalltalkconsulting.com> Twitter: squeaker68882
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
===========================================================================