On 12/7/05, ryanm <[EMAIL PROTECTED]> wrote:
> > Raw sockets, are still restricted by the same cross-domain
> > restrictions as exist in flash 7 & 8, so sites have to specifically
> > allow flash clients to connect (opt-in)
> >
>     Well, obviously, a virus author would allow connections from other
> domains, to allow his virus to spread. The cross-domain restrictions protect
> the *server* from your flash, not the client.
>
> > direct access to sound buffer? how could there be any security
> > problems with this? flash already can play sounds, so the most direct
> > access would let you do, is create very strange sounds that maybe you
> > couldn't compress in mp3? maybe you could write some kind of neural
> > virus, that when people hear it, it infects their brain?
> >
>     No, direct access would let you write *any* kind of binary data to the
> sound buffer, and when the sound buffer overflows, that data gets dumped
> into a predictable place (in memory or to disk, depending on the OS, etc).
> If they can find a way to execute that code they can install a virus on the
> client, bypassing both the virus scanner and the firewall. It's old school,
> I know, but it is still being used by viruses all the time. Add into the
> equation file system access and you've got a whole list of ways to
> compromise the client with an innocent-looking Flash x-mas card.
>
> ryanm

All the time? Can you provide any examples? I'm somewhat curious about this now.

Even if this were true, all MM would have to do to prevent this, is
just add some checks in the flash runtime so that it doesn't let you
write past the end of the buffer. Like:

// pseudo code of internal flash player logic
function SoundDevice.fillBuffer(data:ByteArray):Boolean {
   if(data.length > _internalSoundBuffer.length)
       return false;
   _internalSoundBuffer.copyData(data, data.length);
   return true;
}

Not exactly rocket science. Buffer overflows are preventable.

-David R
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
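
The length check from the pseudocode above, written out in C as an added example (not part of the original post and not Flash Player code); the `sound_buffer` type, its 4096-byte capacity and the function names are assumptions. It goes one step beyond the post by also covering an append at an offset, where the length has to be compared against the remaining space rather than the total capacity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOUND_BUF_CAPACITY 4096u  /* assumed size, chosen for this example */

/* Hypothetical stand-in for a player's internal sound buffer. */
typedef struct {
    uint8_t data[SOUND_BUF_CAPACITY];
    size_t  used;  /* bytes already queued; invariant: used <= capacity */
} sound_buffer;

/* Overwrite from offset 0: the length check from the post. Returns 1 on success. */
int sound_buffer_fill(sound_buffer *sb, const uint8_t *src, size_t len)
{
    if (sb == NULL || (src == NULL && len != 0)) return 0;
    if (len > sizeof sb->data) return 0;          /* reject oversized input */
    if (len != 0) memcpy(sb->data, src, len);
    sb->used = len;
    return 1;
}

/* Append after the queued data. The test is "len > capacity - used", not
 * "used + len > capacity", so a huge len cannot wrap the addition. */
int sound_buffer_append(sound_buffer *sb, const uint8_t *src, size_t len)
{
    if (sb == NULL || (src == NULL && len != 0)) return 0;
    if (sb->used > sizeof sb->data) return 0;     /* invariant already broken */
    if (len > sizeof sb->data - sb->used) return 0;
    if (len != 0) memcpy(sb->data + sb->used, src, len);
    sb->used += len;
    return 1;
}

int main(void)
{
    static sound_buffer sb;              /* zero-initialised: used == 0 */
    static const uint8_t chunk[4000];    /* constructed sample data */
    int ok = sound_buffer_append(&sb, chunk, sizeof chunk)  /* fits */
          && !sound_buffer_append(&sb, chunk, 97)           /* one byte too many */
          && sound_buffer_append(&sb, chunk, 96);           /* exactly fills */
    return ok ? 0 : 1;
}
```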
