#250 Reversion of FlexOuterScope is wrong

Need_for_security
closed-fixed
7
2005-07-24
2005-07-18
Steve Jenson
No

FIXED
If a top level expression evaluated in a
FlexOuterScope redefines a variable and then does a
non-local exit, the Slot bound to that variable will be
the new Slot, but the NounPattern recorded as the
corresponding defining occurrence of the variable will
have reverted by to the old NounPattern. These two may
be incompatible, which could enable an adversary to
fool an Auditor.

Followups

Comment Date By
The FlexOuterScope, and all other kinds of mutable
OuterScope are no more. Evaluation yields a pair of a
value and a new Scope. If eval does a non-local exit,
the new Scope is never made available, so the earlier
Scope continues to be current. 2004-Jul-09 06:27 markm
Since E 0.8.29a doesn't yet use Auditors, this isn't
yet a fatal security bug. But it must be fixed before
we can rely on Auditors. 2004-Jul-04 21:40 markm

Discussion

  • Steve Jenson
    Steve Jenson
    2005-07-18

    • status: open --> open-fixed
     
  • Steve Jenson
    Steve Jenson
    2005-07-18

    • status: open-fixed --> closed-fixed
     
    • assigned_to: nobody --> caplet