[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: java security concerns
Simon Spero wrote:
>In my previous message, I left out some fundamental parts of the run-time
>that need to be looked at carefully. The garbage collection needs to be
>examined carefully. Normally GC algorithms are formally derived, so it's
>the implementation that needs to be checked for. holes in the GC may be
>too unpredictable to exploit for anything but core-dumping, especially since
>java uses a mark-sweep conservative collector.
>
FWIW, we had some ideas about how to attack the GC from untrusted code,
involving resurrection of objects during finalization. This turned out
not to work -- the Javoids apparently anticipated this problem in their
design.