Hi Jeff,
>
> Howdy, Gabriele:
>
> >... it's better to quit REBOL just after running an
untrusted
> > script, because you can't know if it has changed every word
in the
> > global context to do evil things.
>
>
> Using the new ability to QUERY objects, you can do the
following:
>
> protect 'query
>
> query/clear system/words
>
> do %some-script.r
>
> new-or-modified-words: query/clear system/words
>
> Then you can tell if something's messed with any of the system
> words. For additional security, point another word at QUERY
first,
> ie:
>
> check-object: :query
>
> Note: New words may show up in the return that are not
necessarily
> new global words, but were defined in another context. To
determine
> which are new globals you can iterate over the contents of the
> returned block and test them with VALUE?
>
> If you find the word SECURE in the block you can assume the
> script's up to no good.
>
> -jeff
>
There is a simple effective attack against this:
1) somewhere in %untrusted.r use the statement:
query/clear system/words
Regards
Ladislav
