Re: java security concerns
Perry:
>By the way, I suggest that Sun should offer a large money prize for
>the first significant security hole found in the Java implementation. It's
>a tiny price to pay for security.
Chuck:
> I don't think the lawyers would let us.
>
This is a shame. What reason would they have for not letting
you? It could well be a very good marketing move. Maybe your marketing
dept can convince the legal dept.
> Would anyone be interested in a Java daemon that one could send arbitrary
> classes to in an attempt to subvert the runtime? I once thought this would
> be a good way to give safe exposure to the system in general. You know sort
> of "here's a program that can feed classes to a Java runtime on a system
> which is known to have a file X on it. Try to return the contents of X."
>
> It probably wouldn't be too useful beyond that, and it would only validate
> the classes you have access to, not necessarily the full set in a release.
> (hence my not doing it given its utility only in testing the core runtime)
>
That, and a cash reward for getting the contents would be even
better.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") [email protected]