[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WSJ on Big Java Flaw



Mutant Rob <[email protected]> writes:

 > The generalized halting problem comes to mind...

While it can be demonstrated that no algorithm exists to
determine whether an arbitrary Turing machine will halt, good
programs generally belong to a class somewhat less expansive than
the totality of possible Turing machines.  By imposing perfectly
reasonable constraints on program structure, it is trivial to
guarantee program termination with almost no loss in the
functionality of the typical programming language.

Indeed, any computer program which executes only forward
branches, and in which the iteration counts of all loops are
known at the time they are entered, is guaranteed to terminate.
Many people would even consider such things to be good
programming practice.

In general, the types of computer program characteristics which
make determination of halting impossible are precisely the
characteristics one does not want in trusted code, because they
make understanding the code and debugging the code intractable.

 > Since it can be proved that there's no complete set of
 > heuristics to tell if a given program has a characteristic
 > (such as "secureness") then sooner or later someone will
 > discover another security flaw.

Again, a statement which applies to Turing machines, but not to
Java.  Java has been carefully restricted to ensure that a
complete analysis of proper program behavior is possible with a
combination of runtime checks and pre-execution scanning of
imported bytecode files.  This was designed into Java from the
start.

While the abstract Java machine is provably secure, real world
implementations may suffer from the usual plethora of ills, such
as creeping damage from overflowed buffers on the stack.  This in
no way implies any faults with Java itself, and such bugs in Java
implementations will be corrected in the usual way with the
passage of time.

 > A question is whether a simple patch is made or if the set
 > of heuristics is widened (ie, learn from mistakes) so that
 > similar flaws can be found based on knowledge of that one
 > flaw.

Again, there are no known security flaws in the abstract Java
machine.  Once all bugs and oversights in existing Java
interpreters are corrected, all Java programs will be rendered
incapable of causing damage to the platforms they are run on,
unless explicitly permitted to do so by an authorized person.

Some patience while the Java support in packages like Netscape
Navigator undergoes the normal process of evolution is to be
encouraged.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]     $    via Finger.                      $