Re: java security concerns
17 Dec
2003
17 Dec
'03
11:17 p.m.
Simon Spero wrote:
In my previous message, I left out some fundamental parts of the run-time that need to be looked at carefully. The garbage collection needs to be examined carefully. Normally GC algorithms are formally derived, so it's the implementation that needs to be checked for. holes in the GC may be too unpredictable to exploit for anything but core-dumping, especially since java uses a mark-sweep conservative collector.
FWIW, we had some ideas about how to attack the GC from untrusted code, involving resurrection of objects during finalization. This turned out not to work -- the Javoids apparently anticipated this problem in their design.
8246
Age (days ago)
8246
Last active (days ago)
0 comments
1 participants
participants (1)
-
cman@communities.com