Re: Netscape rewards are an insult
>
> On a closely related vein, Sun has announced that they are severely
> limiting some functions in HotJava - from Risks-17-45:
The problems found however, were not fundamental flaws in
the Java language itself nor in the Java virtual machine. As
I've said many times, you can pretty much rip any i/o capability
out of Java by changing the runtime class libraries. If someone
finds a way to defeat the Java bytecode verifier/class loader
and replace a class in java.* with a more powerful one, then that
will be really significant.
> I had a rather lengthy discussion with a gentleman from Sun at the CSI
> conference last Tuesday night, and this announcement follows many of the
> things we discussed very closely. This kind of consistency between what
> people say and what the company published is refreshing, and it restores
> my faith in Sun's desire to do things well. Of course there are still
> some problems left unresolved:
[denial of service problems deleted. ]
>
> Similarly, if your HotJava allows an insecure Postscript implementation
> to interpret postscript files, you're still beat.
This is not a flaw or a feature. If you download a helper
app off the internet that has a flaw, it's not a flaw in the
browser. Claiming that it is is like claiming that
"ftp" or "nfs" has a fatal flaw because it allows you to execute
untrusted binaries from other computers. Helper apps are in
the category of third party add-ons and the responsibility for
their correct implementation rests on the companies which sell them.
Netscape never claimed the ability to allow users to download
executable binary applications from the net and run them without
risk. Netscape doesn't come with a postscript interpreter nor does
it have one configured by default, so if the user installs one
and configures it, and it has a security flaw, it's not Netscape's
fault. Installing helper apps is not "easy" compared with
clicking on a Java applet so any user who does it must at least be
somewhat knowledgeable.
If a postscript interpreter is implemented in JDK Beta, and
it is insecure and it is allowed to interpret postscript files,
nothing bad will happen.
> I do think that this response by Sun, regardless of the technical merits
> of the particulars, demonstrates a desire to improve protection and a
> willingness to listen. My compliments for that.
They've never demonstrated otherwise in my entire history on the Java
mailing lists. Their whole mission is to produce a secure environment
for executing untrusted applications. The alphas and betas of
every product have problems; it's to be expected. The whole point
of releasing a beta is so that you can get feedback.
-Ray