$lib/mpi permits arbitrary MPI evaluation with M2

Moved to http://www.fuzzball.org

Brought to you by: mcclure, points, revar

This project can now be found here.

#207 $lib/mpi permits arbitrary MPI evaluation with M2

Milestone: Security

Status: open

Owner: nobody

Labels: Included MUF programs (16)

Priority: 5

Updated: 2005-07-14

Created: 2003-12-30

Creator:

Private: No

It's possible to do something similar to the following:

$include $lib/mpi: main
me @ "_/ide" getprop var! pr
me @ "_/ide" "{otell:is a goober!}" setprop
me @ parse_idesc pop
me @ "_/ide" pr @ setprop
;

Obviously the example here is relatively harmless since
it could be done with notify_exclude anyway, but more
malicious code could easily be constructed. Should M2
be able to evaluate arbitrary MPI as the current user?

Discussion

Wyld - 2005-07-14

milestone: --> Security
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

$lib/mpi permits arbitrary MPI evaluation with M2

Moved to http://www.fuzzball.org

Group

Searches

Help

#207 $lib/mpi permits arbitrary MPI evaluation with M2

Discussion