| From | "Rod Pemberton" <do_not_have@notemailnotq.cpm> |
|---|---|
| Newsgroups | comp.lang.forth |
| Subject | Re: WWW-safe Forth? |
| Date | 2013-07-14 18:15 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <krv7r1$5e5$1@speranza.aioe.org> (permalink) |
| References | (11 earlier) <9P-dnY5wTdNgtkbMnZ2dnUVZ_ridnZ2d@supernews.com> <krhtud$65r$1@speranza.aioe.org> <WI2dncHJ98zEFUHMnZ2dnUVZ_oudnZ2d@supernews.com> <krob4u$43g$1@speranza.aioe.org> <4PednaaEJdL3W0LMnZ2dnUVZ_qGdnZ2d@supernews.com> |
"Elizabeth D. Rather" <erather@forth.com> wrote in message
news:4PednaaEJdL3W0LMnZ2dnUVZ_qGdnZ2d@supernews.com...
> On 7/11/13 9:31 PM, Rod Pemberton wrote:
> > "Elizabeth D. Rather" <erather@forth.com> wrote in message
> > news:WI2dncHJ98zEFUHMnZ2dnUVZ_oudnZ2d@supernews.com...
> >> On 7/9/13 11:09 AM, Rod Pemberton wrote:
> >> Every implementation does these underlying things
> >> differently, so the names would be different, and every
> >> specific platform would put them at different locations.
> >> Assume DUMP is not available (which it wouldn't be in
> >> this scenario)?
> >
> > The hacker is only trying to breach one.
>
> But he has to know which one it is, and how this particular one
> works.
>

Do you honestly believe most hackers are smart enough to be programmers? They know little to nothing about how the systems they breach work.

> > As stated previously, there are only two things required to
> > breach a system, both of which are nearly impossible to prevent
> > on a computing platform designed to provide both:
> > 1) ability to enter code, i.e., storage space
> > 2) ability to execute the code, i.e., execute Forth words or
> > machine code
>
> You have no access to machine or assembler code, no access to
> code space or dictionary, and can only find the words available
> to you in the secure wordlist. You could conceivably enter a
> sequence of machine code into a region of data space. However,
> it will be difficult to execute it.
>

Difficulty is not an issue for hackers. They only need to find a way.

> >> Those are generalized assertions. My question is, how would
> >> you approach doing any of these things in the Forth I
> >> described above?
> >>
> >> [...]
> >>
> >> How would you even know whether the Forth calls the OS, or
> >> whether there is an OS (vs. a native Forth)? All you're doing
> >> is asserting that it's possible, without any clue how.
> >
> > You can't know all possible attack vectors. That's the
> > problem.
>
> True. But we know what it takes to make something happen. As a
> theoretical statement, it is impossible to make a 100% secure
> system. But, practically speaking, you can get pretty close. I'm
> still waiting for you to show me a way to penetrate the system
> I'm describing.
>

I'm not a hacker. I've listed quite a few areas that could be attacked. And, you indicated about 40% of them were still "unprotected" in the sense that they are still useable, i.e., open for abuse. As stated, only two things are needed: ability to store ASCII text and ability to transfer x86 execution there. That's very difficult to block in its entirety.

> My answers above addressed most of those issues.
>

In the literal sense, yes. However, a hacker is trying to find a breach point. You can't know if they can find one even if you think you've covered all bases.

> >> It's probable that neither is true.
> >
> > It's extremely probable that the hacker can identify the OS
> > before attacking it. A good Forth hacker with experience
> > in different Forths should be able to tell which Forth he's
> > hacking too, at least a large percentage of the time. E.g.,
> > bigForth works differently in regards to ALLOT as compared
> > to other Forths. Some Forths have TIB. Some don't. Ditto
> > for DP LIT PAD. Some are Forth 83. Some Forth 79. Some
> > ANS. What is the size of a cell? There are many
> > characteristics that are different. If the Forth is ANS, which
> > additional wordsets does it support? Which ANS words are
> > missing? etc.
>
> How do you find out if this Forth has TIB if it's not in the
> secure wordlist (for example)?

Is the secure wordlist the words the user can or can't execute? I was taking "secure wordlist" to mean the ones they couldn't...

> Most of the words referenced in the above paragraph
> would be excluded from the secure wordlist whether
> they're in the underlying Forth or not.
>

If you can redefine colon, it's possible on some Forths (ITC) to trace execution. That could return an XT or address for TIB, e.g., instead of a DUMP, or instead of displaying values using @ and EMIT or . (dot) with a loop.

However, it doesn't have to be a matter of finding it. It can just be a matter of using it. If it can be used via another word or the system, it's possible to have data stored there and possible that indirect methods could find its location too. E.g., if TIB's address is placed on a stack, it could be found by stack watching or soft- or hard-crashing to prevent its stack value from being consumed or removed.

I.e., none of the words in the user accessible wordlist can be defined using system words like TIB etc. deemed to be insecure. That's a severe restriction on functionality, especially if the system is built from a set of core words. I don't see how the user could be allowed to do much of anything.

> >> We have a bunch of considerations already, including a
> >> limited, sealed vocabulary whose words can only directly
> >> access an authorized region of data space. Assuming that
> >> all the user knows is the url to access it, it's reasonable to
> >> assume that the user would also have a very hard time finding
> >> out what version of Forth, what implementation strategy,
> >> under what OS, or any other features that would clue you
> >> in to a vulnerability. For all you know, it isn't even an x86
> >> underneath.
> >
> > The OS can be determined before ever connecting to the
> > "sandboxed" Forth. Most network testing tools can do this.
>
> If there *is* an OS...
>

Why does it matter? If a hacker can gain the ability to execute code (with sufficient privileges where implemented), they can install their own OS, as long as it's for the correct processor, or they could flash a new BIOS etc. If they flashed a netboot ROM BIOS on your machine, you've got a serious problem.

Rod Pemberton
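
The design described in the quoted text (a sealed vocabulary whose words reach only an authorized region of data space) can be modelled in a few lines. This is an added example, not code from the thread or from any Forth system; `SealedForth`, `SandboxError`, `DATA_CELLS` and the five-word vocabulary are assumptions made for illustration, and it models only the wordlist boundary, not flaws in an underlying implementation.

```python
# Added illustration (not from the thread). SealedForth, SandboxError and
# DATA_CELLS are hypothetical names; the word set is a constructed minimum.
class SandboxError(Exception):
    """Input tried to leave the secure wordlist or the data region."""

class SealedForth:
    DATA_CELLS = 64  # size of the authorized data region, in cells

    def __init__(self):
        self.stack = []
        self.data = [0] * self.DATA_CELLS  # the only memory user words reach
        # The secure wordlist: the complete set of names a user can run.
        # TIB, DUMP, EXECUTE, ':' and assembler words are simply not present.
        self.words = {
            "DUP": lambda: self.stack.extend([self._pop()] * 2),
            "DROP": self._pop,
            "+": lambda: self.stack.append(self._pop() + self._pop()),
            "@": lambda: self.stack.append(self.data[self._cell()]),
            "!": self._store,
        }

    def _pop(self):
        if not self.stack:
            raise SandboxError("stack underflow")
        return self.stack.pop()

    def _cell(self):
        # Addresses are offsets into the region, never host addresses, and
        # are range-checked so negative or oversized values cannot escape.
        idx = self._pop()
        if not 0 <= idx < self.DATA_CELLS:
            raise SandboxError(f"address {idx} outside data region")
        return idx

    def _store(self):  # ( x addr -- )
        idx = self._cell()
        self.data[idx] = self._pop()

    def run(self, line):
        for tok in line.split():
            word = self.words.get(tok.upper())
            if word is not None:
                word()
                continue
            try:
                self.stack.append(int(tok))
            except ValueError:
                raise SandboxError(f"{tok}: not in secure wordlist") from None
        return list(self.stack)
```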