and besides: VMs is packaged with FFI as dynamic library. So, if you want extra safety - simply don't shipp your application with this DLL.
But still, if you allow arbitrary code to run in your image, then what prevents script kiddie from doing following: - hiddenly download a SqueakFFIPrims.dll (which is 30720 bytes long. i doubt that anyone will notice it) - hiddenly file-in a .cs which contains FFI classes - start exploiting your OS/VM whatever As an extreme variant, one can do following: HackyClass>>pluginBinaryFile ^ #( .... contents of binary file ) (FileStream forceNewFileNamed: 'MyPlugin.dll') nextPutAll: HackyClass pluginBinaryFile. now, all i left to do is to call primitive: HackyClass>>doNastyThings <primitive: 'nasty' module: 'MyPlugin.dll'> does this example makes any difference now, whether you have FFI or not? :) -- Best regards, Igor Stasenko AKA sig. _______________________________________________ Pharo-project mailing list [email protected] http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project
