| From | "Rod Pemberton" <do_not_have@notemailnotq.cpm> |
|---|---|
| Newsgroups | comp.lang.forth |
| Subject | Re: WWW-safe Forth? |
| Date | 2013-07-08 09:18 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <kredus$lsg$1@speranza.aioe.org> (permalink) |
| References | (5 earlier) <OpadncnYCbNmB0XMnZ2dnUVZ_qGdnZ2d@supernews.com> <7x61wnulcu.fsf@ruckus.brouhaha.com> <49bf74b6-3755-46a4-993b-3e6966c13d12@googlegroups.com> <krbhv4$dm5$1@speranza.aioe.org> <a46aa97a-faa0-4dfc-a7c7-1caed4f765fc@googlegroups.com> |
"Howerd" <howerdo@yahoo.co.uk> wrote in message news:a46aa97a-faa0-4dfc-a7c7-1caed4f765fc@googlegroups.com... > On Sunday, July 7, 2013 1:08:30 PM UTC+2, Rod Pemberton wrote: > > you can still define a new comma as long as the primitives > > needed for coding the removed words are available > > True, so don't provide these primitives. > > > you need to not be able to define new words, > > Why not? If you define new words using only "safe" primitives, > how can the new words be "unsafe". The point is that some words needed to construct the system will not be safe. > > not find system words, not access hidden words, > > True. > > > not adjust the intruction pointer via a return address on > > the address stack, not be able to execute code at any address, > > True. > > > not be able to construct definitions without : (colon) and ; > > I can see no problem constructing new words using CODE , > providing you cannot execute them. Ok... That's a good point that execution is the problem. Computers are designed to execute. How do you prevent that? Under what conditions? ... So, how do you ensure that words using CODE or , (comma) can't execute? Remove >R and R> ? Remove EXECUTE ? What's the point of having : (colon) and ; (semicolon) to define new words then, if you can't execute them? What else? How about we remove FIND ? Remove ' (tick)? They return an XT... What are we to do if we have a needed but unsafe IMMEDIATE word? Many of the low level words are IMMEDIATE (or their ANS equivalent, whatever that may be...) What if a hacker manages to mark a hack word or a word modified by a hacker as IMMEDIATE using low level words to do so? How do you stop it from executing? What about crippling the inner/address interpreter, so it won't execute words? It's coded to execute words under a number of circumstances, like IMMEDIATES. If you do stuff like that, how does the system function? And, what about BYE ? 
That one word could allow the user direct, immediate access to an unprivileged user account. Do you SMUDGE BYE ? If you can get it's XT, you can still execute it if EXECUTE or >R are available, even if FIND or ' (tick) doesn't return it's XT. Do you deleted BYE? What about CFA fields? Many Forths allow a definition to set the CFA field. You'd need to eliminate , (comma) and ! (store) to prevent writing to a CFA field. If you can't store, how do you define a new colon definition in the first place? What about DOES> ? It allows code execution too. If you eliminate DOES> , many Forths will break since they use DOES> for CONSTANT , VARIABLE , VALUE , SET etc, and all the other words built from them... What about the use of KEY , HERE , ALLOT, PAD, etc ? The hacker could use them to type in code and find an execution token. If the word is hidden, say via SMUDGE, you can still execute it if you know the XT for it and have at least one way to execute it. What if the user types WORDS, ' (tick) the first and last words in the list and attempts to execute all addresses between the first and last to find BYE or crash the system? The crash could drop the used back to the command prompt just like BYE . We could call this address or XT shotgunning... What if the Forth system is coded in C ? It would inherit C's bugs. The Forth system requires some OS support. So, it would inherit OS bugs too. What about :NONAME ? In interpreted Forth, you only need the XT and some way to execute it. I've listed at least four ways to do that above, via multiple Forth words. How is someone to ensure that an XT can't be executed? The entire Forth system is designed to create, find, and execute words. It's NOT designed to NOT execute. In short order, it appears to me, that we're looking at entirely rewritting the Forth system from scratch to be safe. You might see that claim as excessive or over-the-top, but I don't. > > I.e., a Forth interpreter really isn't well suited for this. 
> > You have provided a list of things that you shouldn't do if you > want a secure system. What is [it] about a Forth interpreter that > makes it not suitable? The fact that you *could* provide insecure > primitives? The first part of the idea that you can't both eliminate all the insecure primitives and also have enough system words for the interpreter to function. This is based on the premise that the high level words are coded entirely using low level words which can be thoroughly vetted. Forth's which have high level words that have code that isn't a part of some other high or low level Forth word are more vulnerable, e.g., compiled directly to assembly. The code that's generated for that word, which isn't part of another high or low level Forth word, can't be tested for insecurity. The second part of the idea is that it's difficult to confirm that all the unsafe features that could allow code execution to occur have actually been removed. Forth words are heavily factored, er... nested. How do you decide what feature a hacker will abuse and eventually use successfully? You only need to be able to do two things to execute x86 code: 1) have the ability to save ASCII text to memory 2) transfer processor execution to that point. You really can't do anything about the first. You have to have strings and be able to load or save, data and text. So, all efforts are concentrated on making sure unauthorized code is not executed somehow. > > There are too many low-level words. > > Are high level words somehow more secure? I think not. That depends on how they're coded. If the high level words use assembly, then high level words can be made insecure too via assembly. It high level words only use low level words, then high level words depend on the safety of the available low level words. > > There is too little security. > > Yes, traditionally Forth has allowed complete control over > whatever it is running on, except of course for secure systems, > where it doesn't. ... 
Rod Pemberton
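
The SMUDGE point in the post above, as an added example that is not part of the original post or of any real Forth system: a toy Python model in which an XT is an index into a code table, showing that hiding BYE from name lookup leaves it reachable through EXECUTE unless EXECUTE itself validates the token. `ToyForth`, `checked_execute`, `safe_xts` and the allowlist check are hypothetical, assumed here as one possible mitigation rather than something the thread proposes.

```python
# Toy model, constructed for illustration: an XT is an index into a code table.
class ToyForth:
    def __init__(self, checked_execute):
        self.code = []          # XT -> behaviour of the word
        self.names = {}         # name -> XT, what FIND and ' (tick) consult
        self.safe_xts = set()   # XTs untrusted input may run (assumed allowlist)
        self.stack = []
        self.halted = False
        self.checked_execute = checked_execute
        self.define("+", lambda: self.stack.append(self.stack.pop() + self.stack.pop()), True)
        self.define("BYE", lambda: setattr(self, "halted", True), False)
        self.define("EXECUTE", self._execute, True)

    def define(self, name, fn, safe):
        xt = len(self.code)
        self.code.append(fn)
        self.names[name] = xt
        if safe:
            self.safe_xts.add(xt)

    def smudge(self, name):
        # Hide the word from name lookup only; its code and XT still exist.
        return self.names.pop(name)

    def _execute(self):
        xt = self.stack.pop()
        # Hardened variant: the token is checked where control is transferred.
        if self.checked_execute and xt not in self.safe_xts:
            raise PermissionError(f"xt {xt} is not an allowed entry point")
        self.code[xt]()

    def interpret(self, line):
        for tok in line.split():
            if tok in self.names:
                self.code[self.names[tok]]()
            elif tok.isdigit():
                self.stack.append(int(tok))
            else:
                raise LookupError(f"{tok} ?")

def hidden_bye_still_runs(checked_execute):
    vm = ToyForth(checked_execute)
    bye_xt = vm.smudge("BYE")
    for line in ("BYE", f"{bye_xt} EXECUTE"):  # by name, then by raw XT
        try:
            vm.interpret(line)
        except (LookupError, PermissionError):
            pass                                # this attempt was refused
    return vm.halted
```

With `checked_execute=False` the name lookup fails but the numeric XT still reaches BYE; with `checked_execute=True` both attempts are refused, because the check sits at the transfer of control rather than at the dictionary.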