Hi,

On Fri, Jan 26, 2024 at 8:46 AM songbird wrote:
>
> John Hasler wrote:
> > songbird writes:
> >> any process which does not respond should be thus cast into the outer
> >> darkness of the bits and never to return (aka a virus or unauthorized
> >> program).
Q: is javascript sourced from who knows where on the Internet
considered an unauthorized program?  if no, have you heard of
"malvertising"?

> > Malware can lie.  A virus can infect an authorized program and use its
> > credentials.
>
> objects are only created by authorized calls to other
> objects so there is no pathway to infect if done correctly.

I hate it when someone blithely tosses off that "if done correctly"
nonsense - ignoring the last 60+ years of computer history that shows
people more often than not CANNOT actually "do it correctly."

I came across this recently
  https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
TL;DR: undefined behavior yields incorrect behavior

  if (i >= 0 && i < sizeof(tab)) {
    printf("tab[%d] looks safe because %d is between [0:%d]\n", i, i, (int)sizeof(tab));
    return tab[i];
  }

doesn't actually verify that i is always within limits.

$ cat bad-behavior.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

uint8_t tab[0x1ff + 1];   /* 512-byte table; valid indexes are 0..511 */
int safe = 0;             /* set from argv[1]: "safe" enables the overflow check */

uint8_t f(int32_t x)
{
    if (x < 0)
        return 0;
    if ( safe ) {
        /* do a valid overflow check: reject x before x * 0x1ff can exceed INT32_MAX */
        if ((INT32_MAX / 0x1ff) <= x) {
            printf("overflow prevented!\n");
            return 0;
        }
    }
    int32_t i = x * 0x1ff / 0xffff;  /* signed integer overflow yields undefined behavior */
    /* Because the overflow above is UB, the optimizer may assume it never
       happened and simplify this check, so a wrapped i can still get through. */
    if (i >= 0 && i < sizeof(tab)) {
        printf("tab[%d] looks safe because %d is between [0:%d]\n", i, i, (int)sizeof(tab));
        return tab[i];
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s safe|unsafe <number>\n", argv[0]);
        return 2;
    }
    memset(tab, 0, sizeof(tab));
    if ( strcmp(argv[1], "safe") == 0 )
        safe = 1;
    return f(atoi(argv[2]));
}

/*
 * https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
 *
 * gcc -O2 -o bad.exe bad-behavior.c
 * ./bad unsafe 50000000
 * tab[62183] looks safe because 62183 is between [0:512]
 */
$ gcc -O2 -o bad.exe bad-behavior.c
$ ./bad unsafe 50000000
tab[62183] looks safe because 62183 is between [0:512]
$ ./bad safe 50000000
overflow prevented!
> if you do not allow random objects to be created that
> are not verified and vetted then there are no viruses.

That sounds so very easy.  Not so easy to do in practice, but it sure
_sounds_ easy enough.

> note, i'm just kicking this around and wondering if it
> really would be possible.

I'd vote for possible but improbable.

Regards,
Lee
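As an added example, not code from Lee's message or from the linked article: the same scaling computation from bad-behavior.c written so that no undefined behavior precedes the bounds check, once by widening the multiply to 64 bits and once by rejecting oversized inputs before a 32-bit multiply (in the spirit of the post's "safe" branch). TAB_SIZE, the function names and the probe values are my own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define TAB_SIZE (0x1ff + 1)      /* same 512-entry table as bad-behavior.c */

/* Scale x into the table the way f() does, but with the multiply widened to
 * 64 bits so it cannot overflow. Returns the index, or -1 when x is negative
 * or the scaled value falls outside 0..511. This bounds check is a real one:
 * no UB precedes it, so the optimizer has nothing to "assume away". */
int32_t scaled_index_wide(int32_t x)
{
    if (x < 0)
        return -1;
    int64_t i = (int64_t)x * 0x1ff / 0xffff;   /* at most ~1.1e12, fits int64_t */
    if (i < 0 || i >= TAB_SIZE)
        return -1;
    return (int32_t)i;
}

/* Same result while staying in 32-bit arithmetic: reject x *before* the
 * multiply. x * 0x1ff <= INT32_MAX holds exactly when
 * x <= INT32_MAX / 0x1ff, because integer division truncates. */
int32_t scaled_index_checked(int32_t x)
{
    if (x < 0 || x > INT32_MAX / 0x1ff)
        return -1;
    int32_t i = x * 0x1ff / 0xffff;             /* cannot wrap now */
    if (i >= TAB_SIZE)
        return -1;
    return i;
}

int main(void)
{
    /* Constructed inputs: the post's 50000000 (rejected by both), 65535
     * (maps to exactly 511), 128 (maps to 0) and a negative value. */
    int32_t probes[] = { 50000000, 65535, 128, -1 };
    for (size_t k = 0; k < sizeof probes / sizeof probes[0]; k++)
        printf("x=%d -> wide=%d checked=%d\n", probes[k],
               scaled_index_wide(probes[k]), scaled_index_checked(probes[k]));
    return 0;
}
```

Building the original bad-behavior.c with -fsanitize=undefined makes the wrapping multiply report itself at run time instead of silently producing an out-of-range index.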