[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java insecurity - long - argumentative - you are warned.
- To: [email protected]
- Subject: Re: Java insecurity - long - argumentative - you are warned.
- From: [email protected]
- Date: Fri, 10 Nov 1995 21:38:43 -0800
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
- Sender: [email protected]
On Tue, 7 Nov 1995, Dietrich J. Kappe wrote:
> >>> While all this checking appears excruciatingly detailed, by the time
> >>> the byte code verifier has done its work, the Java interpreter can
> >>> proceed knowing that the code will run securely. Knowing these
> >>> properties makes the Java interpreter much faster, because it doesn't
> >>> have to check anything.
> >Yikes!! I'll leave this for someone else to address. This sounds to me
> >like a variation on virus scanning. I think that there are far more
> >reputable virus experts than I who can comment and expand on *flaws* with
> >that approach.
> This "checking," as any comp-sci undergrad will tell you, amounts to solving
> the halting problem for the java interpreter. While this is possible for a
> finite state automata like the java interpreter (made more difficult by the
> fact that it can use the "net" for additional state), it is not even
> remotely feasable.
OK, so by saying that it is not "even remotely feasable", you're saying
that any comp-sci undergraduate will say that it can't be done?
That is what "not even remotely feasable" means, doesn't it?? I mean,
even if Marketing wants this problem solved, that won't be enough?
> If you can write a checker that works in a reasonable amount of time, I'll
> write a turing machine simulator that'll do something nasty if the input
> machine halts. Then we'll split the fame and fortune for solving the 5 state
> Busy Beaver problem. Deal?
I'm sorry, I only work for T-shirt and mug contests. <grin> That fifteen
minutes of fame thingy, just isn't my cup of tea.
> Dietrich Kappe | Red Planet http://www.redweb.com
> Red Planet, LLC| "Chess Space" | "MS Access Products" | PGP Public Key
> 1-800-RED 0 WEB| /chess | /cobre | /goedel/key.txt
> Web Publishing | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.