Block remote code execution #225

bweengener · 2022-07-18T21:20:49Z

User Story:
As a host, I don’t want users to be able to arbitrarily execute code on my server to ensure the integrity of the polls and ensure user’s can’t hack me/ cheat.

florian-str · 2024-05-21T10:41:42Z

An old issue (#124) describes the problem in more detail:

With access to perform: and similar messages, one could wreak havoc and circumvent any security measurements put in place. We should guard against this, possibly by only allowing messages to be sent that are implemented directly on the object that's messaged (and not inherited handlers).

bweengener added the user-story label Jul 18, 2022

L17L added the bug Something isn't working label May 7, 2024

florian-str changed the title ~~As a host I don’t want users to be able to arbitrarily execute code on my server to ensure the integrity of the polls and ensure user’s can’t hack me/ cheat.~~ Block remote code execution May 21, 2024

florian-str added the question Further information is requested label May 21, 2024

florian-str mentioned this issue May 21, 2024

ObjectRepo: Prevent meta-messages like perform: to be sent to object #124

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Block remote code execution #225

Block remote code execution #225

bweengener commented Jul 18, 2022 •

edited by florian-str

Loading

florian-str commented May 21, 2024

Block remote code execution #225

Block remote code execution #225

Comments

bweengener commented Jul 18, 2022 • edited by florian-str Loading

florian-str commented May 21, 2024

bweengener commented Jul 18, 2022 •

edited by florian-str

Loading