Today in my computer security class, we talked about Java type confusion
attacks (if you’re unfamiliar, there is a really great article here: You're Not My Type (Ch. 5, Sec. 7) [Securing Java]).
Basically, when Java references an object, it’s actually using a pointer
to the object in memory, and the pointer has a tag referencing the type
of object it refers to. This type confusion attack is when two pointers
are created to the same object with incompatible types, which confuses
the Java system.
Now, like I said, this is my first day in Ruby. I’ve seen it in scripts,
but very briefly. However, I’m pretty sure that variables in Ruby don’t
have types, but I do know that Ruby uses a dynamic type system for
objects. As far as the language goes, that’s really all I know. I
definitely see some similarities between Ruby and Java, but not enough
to create a stance on this topic.
Our challenge was to find out if type confusion was possible in other
languages, and my group got assigned Ruby. Can anyone offer some insight
or point to some resources?
Mm…meaby that’s not what Regina is asking.
Meaby this is the answer you are looking for: the pointer is like a
label, which have a name and it refers to an object located in RAM. The
label has no tag, it’s very simple. You can know the ‘type’ of the
object(which in Ruby is just the class of the object), just pointing to
the object by some label and then passing the message class() to the
reference bringed by that label: the object. This is not hard to
understand, just I’m being recurrent in the same idea.
label = Object.new
label.class() #=> Object
Hope the explanation was helpfull for you. Force be with you.
Our challenge was to find out if type confusion was possible in other
languages, and my group got assigned Ruby. Can anyone offer some insight
or point to some resources?
Every variable in your Ruby code in (internally) a C type called
“VALUE”, which is just a typedefed unsigned int pointer. This pointer
points to a larger structure (in C, RBasic and other structs based on
it, like RString), from which you can read the value’s class and other
properties. (Technically, this works differently for Ruby Fixnums and
Symbols, whose values are magically encoded in the pointer value
itself.)
So it’s not possible to have force this kind of behavior you describe
in Ruby. However, as 7stud pointed out, instance variables (which are
like private fields in Java) can be accessed and modified anyway with
a little magic, and private or protected methods can be with some
tricks called from the outside environment. This is by design, as far
as I know.
Our challenge was to find out if type confusion was possible in other
languages, and my group got assigned Ruby. Can anyone offer some insight
or point to some resources?
Every variable in your Ruby code in (internally) a C type called
“VALUE”, which is just a typedefed unsigned int pointer. This pointer
points to a larger structure (in C, RBasic and other structs based on
it, like RString), from which you can read the value’s class and other
properties. (Technically, this works differently for Ruby Fixnums and
Symbols, whose values are magically encoded in the pointer value
itself.)
So it’s not possible to have force this kind of behavior you describe
in Ruby. However, as 7stud pointed out, instance variables (which are
like private fields in Java) can be accessed and modified anyway with
a little magic, and private or protected methods can be with some
tricks called from the outside environment. This is by design, as far
as I know.
– Matma R.
That is really helpful! Thank you! I feel like I understand this a lot
better.