There is a security system (--with-security). The main problems with it are that it isn't documented and hasn't been audited, so it can't be trusted to provide complete protection. At some points we're actually aware of holes but haven't bothered to fix them (e.g. when dumped programs are decoded they can get references to things they shouldn't). A grep for "FIXME" and "security" should show those places.
(I'm not familiar with it. I suspect only Hubbe and perhaps Grubba know how it works.)
/ Martin Stjernholm, Roxen IS
Previous text:
2003-03-22 18:45: Subject: Re: sTeam DoS vulnerability (still is: Do we have a floatingpoint bug?)
On Sat, Mar 22, 2003 at 04:39:17PM +0100, Xavier Beaudouin wrote:
Maybe this can be done as newpikescript.pike does in Caudium 1.3. There is an external pike process waiting for data using Remote.Client/Server from Pike. If it crashes, then Caudium just restarts a new server.
the situation is a lot more complex. DoS is actually the least of our problems. i just discovered that things like Stdio.* are completely unprotected.
we need to somehow make sure that the security wrapper covers each and every function and class in pike, so that calls to Stdio, exit, and the like will result in a security violation.
greetings, martin.
/ Brevbäraren