realbasic-nug

Re: Why is object passing across RBScript context, not safe?

To: realbasic-nug at lists dot realsoftware dot com
Subject: Re: Why is object passing across RBScript context, not safe?
From: "Theodore H.Smith" <delete at elfdata dot com>
Date: Mon, 31 Jan 2005 02:14:38 +0000
Delivered-to: realbasic-nug at lists dot realsoftware dot com
References: <20050131015653 dot 3C4496DC4F1 at lists dot realsoftware dot com>
From: Charles Yeomans <yeomans at desuetude dot com>

4) It opens a gaping security hole for applications.

How does passing objects across a context, form a security hole?

I know that allowing access to the rest of the project is potentially a
security hole. But object crossing contexts?? Perhaps you can explain.


Suppose that an application loads RbScripts from disk.  The application
has no control over those script files, which could be modified to
inject malicious code into an application.  Perhaps I am worrying
needlessly, but it seems to me that the ability to pass objects from
RbScript opens Pandora's box.

As I said in my initial email, passing objects across the context, does not equal having full access to the host's code.

What if the object was typed as "object", and that was the only information that the compiler would give to you, on it?

I.e., this code:

ReceiveObject( obj as MyClass )

would not compile.

This code:

ReceiveObject( obj as object )

would compile, but even if you viewed this function in the debugger, you'd see obj would have a type of "object". Now, if this is the best information you can get from it, then obviously you can't do anything with it. Except of course... store it, and send it back! Why? Well, for equivalence matching.

This RBScript for example:

class XMLWrapper
        RBsXMLElement as object
        
        function Parent() as XMLWrapper
                dim result as new XMLWrapper
                result.RBsXMLElement = XMLGetParent( me.RBsXMLElement )
                if result.RBsXMLElement then
                        return result
                end if
        end function

end class

Now, this would be nice, because here we have defined a one-to-one object mapping. The code of XMLGetParent (in the context object) would be this:

function XMLGetParent( TheXMLElement as object ) as object
        return XMLElement( TheXMLElement ).Parent
end function

Now here, we have actually passed objects across the context! But we have also not exposed ANY of RB's internal classes, not even safe classes.

Thus, I hope I've proved my point, that passing objects across a context does not equal a security flaw.


--
   Theodore H. Smith - www.elfdata.com/plugin/ - www.elfdata.com/forum/
   ElfData: Industrial strength string processing, made easy.
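
The opaque-reference scheme discussed in this message, modelled as an added example that is not part of the original post and is written in Python rather than REALbasic. It assumes a host-side token table in place of the raw "object" reference; `HostContext`, `Preferences`, `export` and `xml_get_parent` are hypothetical names. The check in `_resolve` is what keeps the host's cast safe when a script sends back a reference it obtained from a different host function.

```python
import secrets


class XMLElement:
    """Host-side class; the script never sees its members."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent


class Preferences:
    """A second host class (hypothetical) the script may also hold references to."""
    def __init__(self):
        self.api_key = "constructed-sample-value"


class HostContext:
    """Hypothetical context object: hands out opaque tokens, resolves them back."""
    def __init__(self):
        self._by_token = {}   # token -> host object
        self._by_id = {}      # id(host object) -> token, keeps the mapping one-to-one

    def export(self, obj):
        """Return the single opaque token for obj, creating it on first use."""
        if obj is None:
            return None
        token = self._by_id.get(id(obj))
        if token is None:
            token = secrets.token_hex(16)
            self._by_id[id(obj)] = token
            self._by_token[token] = obj
        return token

    def _resolve(self, token, expected):
        """Look up a token sent by the script and check its type before any cast."""
        obj = self._by_token.get(token)
        if obj is None:
            raise KeyError("unknown reference")
        if not isinstance(obj, expected):
            raise TypeError("reference is not a " + expected.__name__)
        return obj

    def xml_get_parent(self, token):
        """Counterpart of XMLGetParent: takes an opaque reference, returns one."""
        return self.export(self._resolve(token, XMLElement).parent)
```

Because `export` always returns the same token for the same host object, the script can compare two references for equality without learning anything about the object behind them.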
