[REBOL] Re: Security hole ? (was: image memory representation)
From: g:santilli:tiscalinet:it at: 23-Aug-2001 19:10
Hello Anton!
On 23-Ago-01, you wrote:
A> Is rebol memory pool the same for the launched program as in
A> the console at the first point? If so, then it's possible that
A> the evil program can send away user and password. Then evil
A> programmer can freely access the ftp site.
A> Muhahahahaaa.r.rgg..<cough>
This is very unlikely anyway. The evil program has to be lucky
enough to get the username and the password in that memory area;
the it has to scan that area to find things that look like
strings; then it has to convince the user to give it the
permission to open some tcp port to send back the data to the evil
programmer (ok, by default script are allowed to open tcp ports,
so this is not probably a very big problem); the evil programmer
then has to scan thru all of this strings to see it he can find
something useful. It's like winning a lottery. :)
A> Anyway, I can see this bug being fixed pretty soon.
Indeed. So hurry up evil programmers! ;-)
Regards,
Gabriele.
--
Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer
Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/