1995-10-10 - Re: java security concerns

Header Data

From: sameer <sameer@c2.org>
To: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
Message Hash: 0a4592dcba99a79c3458ef8b9b6c2acb5ca0e5bd19e00a72b9b6e7a76216dbd9
Message ID: <199510100051.RAA03799@infinity.c2.org>
Reply To: <9510100030.AA29195@pepper.Eng.Sun.COM>
UTC Datetime: 1995-10-10 00:57:43 UTC
Raw Date: Mon, 9 Oct 95 17:57:43 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Mon, 9 Oct 95 17:57:43 PDT
To: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
Subject: Re: java security concerns
In-Reply-To: <9510100030.AA29195@pepper.Eng.Sun.COM>
Message-ID: <199510100051.RAA03799@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Perry:
>By the way, I suggest that Sun should offer a large money prize for
>the first significant security hole found in the Java implementation. It's
>a tiny price to pay for security.


Chuck:
> I don't think the lawyers would let us. 
> 

	This is a shame. What reason would they have for not letting
you? It could well be a very good marketing move. Maybe your marketing
dept can convince the legal dept.

> Would anyone be interested in a Java daemon that one could send arbitrary
> classes to in an attempt to subvert the runtime? I once thought this would
> be a good way to give safe exposure to the system in general. You know sort
> of "here's a program that can feed classes to a Java runtime on a system
> which is known to have a file X on it. Try to return the contents of X."
> 
> It probably wouldn't be too useful beyond that, and it would only validate
> the classes you have access to, not necessarily the full set in a release.
> (hence my not doing it given its utility only in testing the core runtime)
> 

	That, and a cash reward for getting the contents would be even
better. 

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org



