[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java security concerns



Perry writes:
> Ray Cromwell writes:
> >   Yes, it may be possible that exploiting holes in Java will be easier
> > than those in sendmail, just as it is easier to exploit a hole in 
> > software on a networked machine rather than a non-networked one. But this
> > can not be an argument against Java or its utility. The same arguments
> > were raised when Postscript first came out, yet the huge benefits
> > of postscript are obvious, while the amount of security damage
> > done by it is minimal.
> 
> Postscript is completely safe if the interpreter is emasculated, and
> most of them are. (It is a huge risk when run on a non-emasculated
> interpreter, but fortunately it is easy to castrate one of the things.)

I'm not clear on what you mean by emasculated.  It seems to me that
postscript interpreters are full of holes that can be exploited by
a cleaver enough attacker.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236