On Jan 27, 2004, at 7:29 AM, Leopold Toetsch wrote:
...getinterp P5 dlfunc P0, Nul, "Parrot_UnManagedStruct_get_pointer", "pIP"This is unlimited self-inspection and self-modification :) With little additions (nested structs) one could read/write all Parrot_Interp internals (including possible security bits) and not only registers like above. But current state is already sufficient to seriously damage the interpreter ($P2 above is a struct representing the current interpreter)
This type of security issue seems inherent in anything NCI-related--once NCI is involved, all bets are off. It seems that, in order to guard against this (and related problems), any sort of "secure mode" operation of parrot would have to block use of any of the NCI infrastructure.
Or restrict it to functions which have sufficient privileges, presumably because they've been audited to make sure they're correct.
--
Dan
--------------------------------------"it's like this"-------------------
Dan Sugalski even samurai
[EMAIL PROTECTED] have teddy bears and even
teddy bears get drunk
