Re: netscape mail starts java attachments upon get new mail...
Does anyone remember the problem IBM had back ~10 years ago on X'mas, when someone sent an embedded 'script' greeting card to multiple 'profs' addresses? When the mail was opened the 'script' procedure was executed, resulting in the card being forwarded to everyone in the recipient's address book. It didn't take too many iterations of this to drag IBM's net to its knees. Given JAVA's i/o capabilities, I'm a little concerned about mating it with my mail reader.

jps
--
Jack P. Starrantino (215) 674-0200 (voice)
SEMCOR, Inc. (215) 443-0474 (fax)
65 West Street Road jps@semcor.com
Suite C-100 Warminster, PA 18974
Jack P. Starrantino writes:
Given JAVA's i/o capabilities
Java, per se, doesn't have any "I/O capabilities", in the same way that neither C nor C++ do. That said, it is the case that if your mail reader allows incoming applets to send mail, you're in for trouble.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In message <9510091458.AA27858@alpha>, Mike McNally writes:
Jack P. Starrantino writes:
Given JAVA's i/o capabilities
Java, per se, doesn't have any "I/O capabilities", in the same way that neither C nor C++ do. That said, it is the case that if your mail reader allows incoming applets to send mail, you're in for trouble.
As far as I know Java apps can only make network connections to the IP address they were loaded from. There may be more restrictions than that as well. So if they were going to mail-bomb they would have to hurt the site that was giving out the Java app (by sending all the mail to it to be relayed back), and in fact it could be done more effectively with a "simple" CGI script. This isn't to say it is infeasible - someone could write a general purpose Java applet (say something that makes cool looking animated bullets for lists) that when loaded from a specific IP address/domain (say www.clueless.org) would then do something bad. However exactly who you can harm isn't exactly as broad as I assume "pranksters" would like, and how badly you can harm them may not be as harmful as "terrorists" would like, but it seems to be simpler to do than *I* would like!

OBcrypto: in one of the Java papers I saw a reference to use of RSA signatures to allow browser users to say things like "I trust Sun (or Tim May) to write applets that use Foo not to harm me". It wasn't in the public release of HotJava because of licensing constraints. Any speculation on whether Netscape will (eventually) support that feature?
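The connection rule Josh describes above ("only to the IP address they were loaded from"), modelled in Python as an added example. This is not code from the thread, from HotJava or from Netscape; it is a stand-alone model of the policy, and the hostnames, addresses, the applet name and the dictionary standing in for DNS are all constructed. The point it adds to the post: the origin is pinned once at load time, the comparison is by resolved address rather than by name (so an alias of the origin host passes and a host that also resolves elsewhere is refused), and a name that cannot be resolved is refused rather than allowed.

```python
"""Model of the applet network-sandbox rule from the thread.

Constructed example: an applet is tagged with the address its code was loaded
from, and every outbound connection is checked against that address. DNS is
replaced by a dictionary so the example runs offline; none of the names or
addresses below refer to real hosts.
"""
from dataclasses import dataclass

# Constructed stand-in for DNS: hostname -> list of addresses (not real hosts).
FAKE_DNS = {
    "www.clueless.org": ["192.0.2.10"],
    "alias.clueless.org": ["192.0.2.10"],            # another name, same address
    "mail.victim.example": ["198.51.100.25"],        # a third-party SMTP host
    "multi.example": ["192.0.2.10", "198.51.100.25"],  # resolves to origin AND elsewhere
}


def resolve(host, dns=FAKE_DNS):
    """Return the address list for host (case-insensitive, trailing dot
    tolerated), or [] when the name is unknown."""
    return list(dns.get(host.lower().rstrip("."), []))


@dataclass(frozen=True)
class Applet:
    name: str
    origin_ip: str  # pinned when the class file was fetched, never re-resolved


def load_applet(name, origin_host, dns=FAKE_DNS):
    """Resolve the origin host once, at load time, and pin its address."""
    addrs = resolve(origin_host, dns)
    if not addrs:
        raise ValueError(f"cannot resolve origin host {origin_host!r}")
    return Applet(name=name, origin_ip=addrs[0])


def connect_allowed(applet, target_host, target_port, dns=FAKE_DNS):
    """The rule from the thread: an applet may open a socket only to the
    address it was loaded from. Every address the target resolves to must
    equal the pinned origin; a name that resolves to nothing, or to any other
    address as well, is refused. The port is not restricted by this rule."""
    addrs = resolve(target_host, dns)
    if not addrs:
        return False
    return all(addr == applet.origin_ip for addr in addrs)


def mailbomb_reach(applet, candidate_smtp_hosts, dns=FAKE_DNS):
    """Which SMTP hosts (port 25) the applet could actually open a socket to.
    Under the rule this is the origin site and nothing else, which is why the
    post says the applet could only hurt the site that served it."""
    return [h for h in candidate_smtp_hosts if connect_allowed(applet, h, 25, dns)]


# Josh's hypothetical: an "animated bullets" applet served from www.clueless.org.
BULLET_APPLET = load_applet("bullets", "www.clueless.org")

if __name__ == "__main__":
    for host in FAKE_DNS:
        print(f"{host:22s} -> {'allow' if connect_allowed(BULLET_APPLET, host, 25) else 'deny'}")
    print("reachable on 25:", mailbomb_reach(BULLET_APPLET, list(FAKE_DNS)))
```

Pinning the origin at load time and comparing resolved addresses is what the rule as stated requires; a check that compared hostname strings, or that re-resolved the origin on every connect, would be implementing a different and weaker policy, which is the kind of gap between design and implementation the later replies worry about.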
"Josh M. Osborne" writes:
As far as I know Java apps can only make network connections to the IP address they were loaded from.
That might be the design, but we know that it is hard to faithfully implement very complicated designs. Perry
On Mon, 9 Oct 1995, Perry E. Metzger wrote:
"Josh M. Osborne" writes:
As far as I know Java apps can only make network connections to the IP address they were loaded from.
That might be the design, but we know that it is hard to faithfully implement very complicated designs.
The design of java is supposed to make analysing for security easier than it might be in other similarly sized systems; whether it does this or not is something that needs to be checked for carefully. The three components that need to be analysed are the class loader, the implementation of the JVM, and the code to check network connections. Analysing the VM and the class loader should be a simple (hah) matter of structural induction (possibly a two-step process of converting the vm description into a denotational semantics and analysing that, followed by a proof that the vm is a faithful implementation of those semantics). The networking code is simple to prove safe if the VM and classloader can be shown to be safe. Simon
participants (5)
- Josh M. Osborne
- jps@monad.semcor.com
- m5@dev.tivoli.com
- Perry E. Metzger
- Simon Spero