[DGD] Re: Out of curiosity...

[Frank Schmidt]

> If 2) is used, I think that function_object(), this_object(),
> previous_program() and perhaps also error() need to be made nomask. Masking
> security functions is as far as I know a rather easy way of breaking
> security.

Hmm, have you checked this out in your environment? To my knowledge
overriding kfuns deeper down in the inheritance-list does not override the
definition of it being a kfun. Therefore a kfun-call in the auto object-
or an instance above the masking level, will always call the kfun, instead
of any masked function in the inheriting object. And static functions in
the auto objects are declared as new kfuns... Thus, functions in the auto
object declared static should be safe.

Also, I would avoid redefining this_object(), function_object(),
previous_program() in the auto object if possible, as they are heavily
used.

Another security issue: Consider call_other(this_object(), ) may call
static functions. This means that an object doing an e.g. map_array() need
to be aware of that if one of the objects in the array is this_object(),
it must be certain the function called is not a security function declared
static. But as long as the function-name is constant and harmless, you are
on the safe side. This problem hangs together with good object-design for
security.


Living in the hope kfuns are bulletproof,

Frank Schmidt




List config page:  http://list.imaginary.com/mailman/listinfo/dgd