WSJ on Big Java Flaw

Wall Street Journal, March 26, 1996, p. B4.

Researchers Find Big Security Flaw In Java Language

By Don Clark

A team of Princeton University researchers said they discovered the most serious security flaw yet in the widely used Java programming language from Sun Microsystems Inc.

The flaw could make it possible for unscrupulous hackers to destroy files or cause other types of damage on any personal computer that uses Netscape Communications Corp.'s Navigator program, said Edward Felten, a Princeton assistant professor of computer science who helped discover the flaw.

Netscape Navigator, which uses Java, is the most popular software for browsing the Internet's World Wide Web. Java enables the creation of tiny programs, called applets, that are transferred from a Web site on the Internet to a PC running Netscape Navigator.

Mr. Felten said that unscrupulous people who discovered the flaw could boobytrap a Web page on the Internet, essentially seizing control of the browser software of any PC that tapped into that page. At that point, the hackers could read or delete an entire hard disk of data files. "The consequences of this flaw are as bad as they can be," he said.

Sun, a computer maker based in Mountain View, Calif., acknowledged the problem. "This one is a serious bug," said Marianne Mueller, a senior Sun engineer specializing in security issues.

The company, alerted by Princeton on Friday, is already testing a software fix it has developed for the program and hopes to distribute it to Netscape and other users in about two days. Those companies are then expected to distribute updated versions of their Web browsers or other products to users.

"We plan to fix it and get it out to our customers as fast as we can," said Jeff Treuhaft, a Netscape product manager.

Java was originally touted by Sun as a secure language. But at least two other flaws have already been discovered in the technology, including a less-serious problem uncovered by the Princeton team last month. Sun's Ms. Mueller said the problems have been correctable details in the way the Java code is written, not problems with its basic design.

[End]

John Young wrote:
> Wall Street Journal, March 26, 1996, p. B4. Researchers Find Big Security Flaw In Java Language By Don Clark
>
> A team of Princeton University researchers said they discovered the most serious security flaw yet in the widely used Java programming language from Sun Microsystems Inc.
>
> The flaw could make it possible for unscrupulous hackers to destroy files or cause other types of damage on any personal computer that uses Netscape Communications Corp.'s Navigator program, said Edward Felten, a Princeton assistant professor of computer science who helped discover the flaw.[..]
>
> Mr. Felten said that unscrupulous people who discovered the flaw could boobytrap a Web page on the Internet, essentially seizing control of the browser software of any PC that tapped into that page. At that point, the hackers could read or delete an entire hard disk of data files. "The consequences of this flaw are as bad as they can be," he said.[..]
The generalized halting problem comes to mind... Since it can be proved that there's no complete set of heuristics to tell if a given program has a characteristic (such as "secureness") then sooner or later someone will discover another security flaw. A question is whether a simple patch is made or if the set of heuristics is widened (i.e., learn from mistakes) so that similar flaws can be found based on knowledge of that one flaw.

Mutant Rob <wlkngowl@unix.asb.com> writes:
> The generalized halting problem comes to mind...
While it can be demonstrated that no algorithm exists to determine whether an arbitrary Turing machine will halt, good programs generally belong to a class somewhat less expansive than the totality of possible Turing machines. By imposing perfectly reasonable constraints on program structure, it is trivial to guarantee program termination with almost no loss in the functionality of the typical programming language. Indeed, any computer program which executes only forward branches, and in which the iteration counts of all loops are known at the time they are entered, is guaranteed to terminate. Many people would even consider such things to be good programming practice. In general, the types of computer program characteristics which make determination of halting impossible are precisely the characteristics one does not want in trusted code, because they make understanding the code and debugging the code intractable.
> Since it can be proved that there's no complete set of heuristics to tell if a given program has a characteristic (such as "secureness") then sooner or later someone will discover another security flaw.
Again, a statement which applies to Turing machines, but not to Java. Java has been carefully restricted to ensure that a complete analysis of proper program behavior is possible with a combination of runtime checks and pre-execution scanning of imported bytecode files. This was designed into Java from the start. While the abstract Java machine is provably secure, real world implementations may suffer from the usual plethora of ills, such as creeping damage from overflowed buffers on the stack. This in no way implies any faults with Java itself, and such bugs in Java implementations will be corrected in the usual way with the passage of time.
> A question is whether a simple patch is made or if the set of heuristics is widened (i.e., learn from mistakes) so that similar flaws can be found based on knowledge of that one flaw.
Again, there are no known security flaws in the abstract Java machine. Once all bugs and oversights in existing Java interpreters are corrected, all Java programs will be rendered incapable of causing damage to the platforms they are run on, unless explicitly permitted to do so by an authorized person. Some patience while the Java support in packages like Netscape Navigator undergoes the normal process of evolution is to be encouraged.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $
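An added illustration, not part of the original thread or any Java implementation: a static checker for the restricted program class described in the reply above (forward branches only, loop counts fixed on entry), written for a toy instruction set constructed here. It narrows "known at the time they are entered" to literal loop counts, returns a step bound for every program it accepts, and includes a small interpreter to compare against that bound.

```python
# Added illustration on a toy instruction set (constructed here, not Java bytecode):
#   ("op",)                 straight-line work
#   ("jz", t) / ("jmp", t)  conditional / unconditional branch to absolute index t
#   ("repeat", n, size)     run the next `size` instructions n times; n fixed at entry

def step_bound(prog, start=0, end=None):
    """Upper bound on executed instructions; ValueError if outside the class."""
    end = len(prog) if end is None else end
    bound, pc = 0, start
    while pc < end:                      # pc strictly increases, so the checker halts
        ins = prog[pc]
        if ins[0] in ("jz", "jmp"):
            if not pc < ins[1] <= end:   # must go forward and stay inside its block
                raise ValueError(f"pc {pc}: branch to {ins[1]} is not forward in-block")
            bound, pc = bound + 1, pc + 1
        elif ins[0] == "repeat":
            _, n, size = ins
            if n < 0 or size < 0 or pc + 1 + size > end:
                raise ValueError(f"pc {pc}: bad loop count or body extent")
            bound += 1 + n * step_bound(prog, pc + 1, pc + 1 + size)
            pc += 1 + size
        elif ins[0] == "op":
            bound, pc = bound + 1, pc + 1
        else:
            raise ValueError(f"pc {pc}: unknown instruction {ins[0]!r}")
    return bound

def run(prog, flags, start=0, end=None):
    """Interpret an accepted program; each jz takes its branch if next(flags)."""
    end = len(prog) if end is None else end
    steps, pc = 0, start
    while pc < end:
        ins = prog[pc]
        steps += 1
        if ins[0] == "jmp" or (ins[0] == "jz" and next(flags)):
            pc = ins[1]
        elif ins[0] == "repeat":
            for _ in range(ins[1]):
                steps += run(prog, flags, pc + 1, pc + 1 + ins[2])
            pc += 1 + ins[2]
        else:
            pc += 1
    return steps

# Constructed samples: ACCEPTED uses forward branches and a 3-iteration loop;
# REJECTED has a backward branch, so the checker claims nothing about it.
ACCEPTED = [("op",), ("repeat", 3, 3), ("jz", 5), ("op",), ("op",),
            ("jz", 7), ("op",), ("op",)]
REJECTED = [("op",), ("jz", 0)]
```

Rejection is conservative: a rejected program may still halt, which is how checking membership in a restricted class stays decidable while still giving a guarantee for everything it accepts.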
Participants (3): John Young, mpd@netcom.com, Mutant Rob