Re: java security concerns




Ray Cromwell writes:
> I agree, however I would point out that not all PostScript interpreters
> are emasculated (especially those on Unix systems like IRIX, they contain
> all kinds of calls to fork(), read()/open(), etc).

Many PostScript interpreters are a serious security threat. However, I
found it fairly easy to chop enough of the code out for the one I run
that I feel safe with it -- the exercise wasn't that hard.

> Nothing in the Java spec tells you that you must call fork() in a
> Java interpreter implementation. In fact, Java has nothing to do
> with the GUI calls, the network calls, etc. You can support as much
> or as little system I/O in a Java implementation as you want.

Yes, but in practice, to support the given applets that Netscape will
be browsing you have to open the kimono a bit too much overall. With
sufficient emasculation, I believe Java could be made safe, but then
it wouldn't be the Java that Sun and Netscape are pushing any more.

Perry