Delphi Trojans

From: Brent S. (brentatatmosoftdotcom)
Date: 11/19/03

• Next message: Oliver Townshend: "Re: Time to Say Goodbye, Delphi?"
• Previous message: Richard Grossman: "IDE Suggestion"
• Next in thread: Ignacio Vazquez: "Re: Delphi Trojans"
• Reply: Ignacio Vazquez: "Re: Delphi Trojans"
• Reply: Dennis Landi: "Re: Delphi Trojans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Tue, 18 Nov 2003 17:12:39 -0700

I have a component I have been working on that happened to reference a unit
in its uses section that it should not have been referencing. The unit was
the controller unit for an application which instantiates a controller
object in its initialization section. The controller object creates various
components and activates them when it is created and is the core of the
application.
When I added this new component to a package and installed the package I
noticed that delphi was executing this code, which was logging into a server
and reporting itself to be the application the controller belonged to.
I was unaware that code in the initialization and finalization sections of a
referenced unit of a component would be executed when they weren't on any
form. I knew it would be executed if the component were dropped on a form,
but executing in the component pallette?
This raises a few concerns. I could download a third party component(dcu),
and just by virtue of it being on my pallette it could be executing code.
No longer will I download components without source code. You could
conceivably create a component which took screen shots, logged key strokes,
uploaded files to a server, or pretty much anything you can dream up.
I know its not a huge security threat as long as you know what you are
doing. It just surprised me.

Brent.

---

• Next message: Oliver Townshend: "Re: Time to Say Goodbye, Delphi?"
• Previous message: Richard Grossman: "IDE Suggestion"
• Next in thread: Ignacio Vazquez: "Re: Delphi Trojans"
• Reply: Ignacio Vazquez: "Re: Delphi Trojans"
• Reply: Dennis Landi: "Re: Delphi Trojans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: MVC Question ... Each view must be *given* a reference to the model and it should ... there must be a way to handle inputs and events - the controller. ... Classic MVC should be called MVCO, ... All graphics apps I've worked with have had a separate math ... (comp.object) Re: thread.Abort() ... > as you hang onto the reference. ... > executing code in a finally block - this can be interrupted with unknown ... > target thread is alive but before the next line of code executes a context ... > thread to actually terminate is also unbounded. ... (microsoft.public.dotnet.languages.csharp) Re: References problem ... This is, as the OP suggested, a reference problem. ... The override of the Dispose method that you suggest is not a workaround... ... it is the expectation. ... the controller can be tossed and a new one ... (microsoft.public.dotnet.framework) Re: Prematurely garbage collection ... In the example below, when Invoke is being executed, the reference of the instance is available with app root - so the object is not collected until there are no more pending references. ... Executing the example given by Jon below on my machine gave the following output: ... static void Main ... (microsoft.public.dotnet.framework.clr) Re: Simpler Than A Thermostat? ... than a conventional simple thermostat control. ... when the output is equal to or just above the reference ... The controller seems to be working. ... Several reference points [sensors] are closely spaced around the ... (sci.engr.control)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)