[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack Java

To: [email protected]
Subject: Re: Hack Java
From: Matt Miszewski <[email protected]>
Date: Tue, 23 Jan 1996 23:02:54 -36000
Cc: Rich Salz <[email protected]>, [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Tue, 23 Jan 1996 [email protected] wrote:

[much elided stuff]

> > Now suppose, I fake a compiler (or I have a malicious compiler)
> > and I generate by hand malicious byte code such that
> > in the symbol tables, tricky_pointer and data have the same
> > offset.
> > 
> 

[more stuff taken out]

Godmar Said:

> 
> To my knowledge, the Java, and Java bytecode does not imply
> any memory layout. I doubt it makes sense to demand to check
> that 'offset do not overlap in memory'.
> 

Both of you are correct if you look carefully at the assumptions.  Rich 
assumes that you have a 'malicious compiler'.  Godmar is right that Java 
does not utilize pointers in the byte code.  What would make the entire 
scenario work is a malicious interpreter or a 'NotJava Browser'(TM) that 
allowed malicious code to be executed.  Couple a bad compiler and a bad 
interpreter and you are in buisness (nasty business that is).

Matt

References:
- Re: Hack Java
  - From: [email protected]

Prev by Date: Re: IPSEC == end of firewalls
Next by Date: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
Prev by thread: Re: Hack Java
Next by thread: Re: Hack Java
Index(es):
- Date
- Thread