[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java security concerns

To: [email protected]
Subject: Re: java security concerns
From: [email protected] (Dr. Frederick B. Cohen)
Date: Tue, 10 Oct 1995 06:20:04 -0400 (EDT)
In-Reply-To: <[email protected]> from "Perry E. Metzger" at Oct 10, 95 00:57:43 am
Sender: [email protected]

Perry writes:
> Ray Cromwell writes:
> >   Yes, it may be possible that exploiting holes in Java will be easier
> > than those in sendmail, just as it is easier to exploit a hole in 
> > software on a networked machine rather than a non-networked one. But this
> > can not be an argument against Java or its utility. The same arguments
> > were raised when Postscript first came out, yet the huge benefits
> > of postscript are obvious, while the amount of security damage
> > done by it is minimal.
> 
> Postscript is completely safe if the interpreter is emasculated, and
> most of them are. (It is a huge risk when run on a non-emasculated
> interpreter, but fortunately it is easy to castrate one of the things.)

I'm not clear on what you mean by emasculated.  It seems to me that
postscript interpreters are full of holes that can be exploited by
a cleaver enough attacker.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

References:
- Re: java security concerns
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: PC disk wipe software - SUPERWIPE 1.04R
Next by Date: Re: java security concerns
Prev by thread: Re: java security concerns
Next by thread: Re: java security concerns
Index(es):
- Date
- Thread