Wondering, and I hope no one thinks me rude in doing so out loud, if there might not be inherent security issues in using Forth to field CGI.
(Been interested in this sort of thing for quite a while, but not had time to pursue it.)

I'm thinking that it would be necessary to write a restricted outer interpreter that would, at minimum, (1) restrict access to the assembler and to most file or networking words, and (2) absolutely never execute the standard QUIT or ABORT words, or any words like them, or any words that invoked them.

In order to restrict access to dangerous words, I'm thinking the symbol table may need to provide ways to build walls between vocabularies. (I had a start on that a long time ago, using a forest of nested binary trees for my dictionary, but I haven't looked very closely at the dictionary structure in gforth. Hash table?)

It does seem like having return addresses on a separate stack would help a lot with buffer overflow issues, although it would not be a perfect wall against exploits.

Auditing for buffer overflows and similar issues would be required? Anything else?

--
Joel Rees <[EMAIL PROTECTED]>
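
The restricted outer interpreter and the wall between vocabularies that the message sketches, as an added example that is not part of the original post and not gforth's own code. It uses only standard Forth words; every name it defines (SANDBOX, EXPOSE:, RUN-UNTRUSTED and the helpers) is hypothetical, and the allowlist shown is an assumption about what a CGI handler would expose.

```forth
\ Added example, not from the original post. Standard Forth (CORE, STRING,
\ SEARCH-ORDER, EXCEPTION); every name defined here is hypothetical.
wordlist constant sandbox        \ the only vocabulary request text can reach
2variable rest                   \ unparsed remainder of the request text
variable stack-floor             \ data stack depth on entry

: expose: ( xt "name" -- )       \ define NAME in SANDBOX as a wrapper for xt
  get-current >r  sandbox set-current
  create ,  r> set-current
  does> @ execute ;

\ Allowlist: stack and arithmetic words only. No assembler, file, socket or
\ defining words, and nothing that names QUIT, ABORT or BYE.
' +    expose: +      ' -    expose: -      ' *    expose: *
' dup  expose: dup    ' drop expose: drop   ' swap expose: swap

: blank? ( c-addr u -- c-addr u flag )      \ next char exists and is whitespace
  dup if over c@ bl > 0= else false then ;
: nonblank? ( c-addr u -- c-addr u flag )   \ next char exists and is printable
  dup if over c@ bl > else false then ;
: next-token ( c-addr u -- rest-addr rest-u tok-addr tok-u )
  begin blank? while 1 /string repeat
  2dup begin nonblank? while 1 /string repeat
  2swap 2 pick - ;

: unsigned? ( c-addr u -- n true | false )  \ digits in the current BASE only
  0 0 2swap >number nip if 2drop false else drop true then ;

: safe-interpret ( c-addr u -- i*x )
  rest 2!  depth stack-floor !
  begin rest 2@ next-token dup while
    2swap rest 2!                           \ keep parser state off the data stack
    2dup sandbox search-wordlist            \ look in SANDBOX and nowhere else
    if   nip nip execute                    \ allowlisted word
    else unsigned? 0= if -13 throw then     \ neither allowlisted nor a number
    then
    depth stack-floor @ < if -4 throw then  \ underflow, detected after the fact
  repeat 2drop 2drop ;

: run-untrusted ( c-addr u -- i*x ior )     \ errors return as ior, not via ABORT
  ['] safe-interpret catch dup if nip nip then ;
```

Called as `s" 2 3 + dup *" run-untrusted`, it leaves the results under an ior of zero; a token outside the allowlist, such as `bye`, comes back as a nonzero ior instead of being executed. Each exposed word still has to be audited on its own, since anything it calls internally runs with the full dictionary.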
