1995-10-10 - Re: java security concerns

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: m5@dev.tivoli.com (Mike McNally)
Message Hash: 129c51ac81081b890eaeaa40eca889c12034c2beae0f0f70c977378e5abd445a
Message ID: <199510101500.LAA02245@jekyll.piermont.com>
Reply To: <9510101301.AA28597@alpha>
UTC Datetime: 1995-10-10 15:01:17 UTC
Raw Date: Tue, 10 Oct 95 08:01:17 PDT

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 10 Oct 95 08:01:17 PDT
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: java security concerns
In-Reply-To: <9510101301.AA28597@alpha>
Message-ID: <199510101500.LAA02245@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike McNally writes:
>  > I can
>  > physically remove all the "dangerous" calls from a Postscript
>  > interpreter and still have it be useful.
> 
> I don't see the difference.  An interpreter is an interpreter.

I suppose most of this is dead obvious to me because I work in
security every day, but it seems that some otherwise smart people don't
see the point I'm making, repeatedly.

As an exercise to the reader compare the following two tasks in
difficulty.

1) Find a bug that lets you execute arbitrary programs unintentionally
   from a program that contains instances of the 'fork()' system call.

2) Find a bug that lets you execute arbitrary programs unintentionally
   from a program that contains *no* instances of the 'fork()' system call.

[hint: it is much harder to get a program to do something that it has
no code at all to do than to get it to do a buggy form of something
it already does.]

Perry
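
Added illustration, not part of the original message: a toy stack interpreter built two ways, once with a dangerous operator present but gated by a runtime flag, and once with that operator left out of the build entirely. The operator names, the `setstate` bug and the input script are all constructed for this example; `system` only records its argument and never executes anything.

```python
# Toy stack interpreter, constructed for illustration (not PostScript).
# "system" stands in for a program-launching operator; it only records
# its argument and never executes anything.
class UndefinedOperator(Exception):
    pass

def make_interpreter(include_system):
    def run(script):
        stack, launched = [], []
        state = {"safe": True}  # runtime guard kept in interpreter state

        def op_add():
            stack.append(stack.pop() + stack.pop())

        def op_setstate():
            # Constructed bug: a general state writer that can also
            # overwrite the guard flag.
            value, name = stack.pop(), stack.pop()
            state[name] = value

        def op_system():
            cmd = stack.pop()
            if state["safe"]:
                raise PermissionError("system is disabled in safe mode")
            launched.append(cmd)

        ops = {"add": op_add, "setstate": op_setstate}
        if include_system:
            ops["system"] = op_system  # guarded build: code present, gated

        for tok in script.split():
            if tok in ops:
                ops[tok]()
            elif tok.isdigit():
                stack.append(int(tok))
            elif tok.startswith("/"):
                stack.append(tok[1:])  # literal name
            else:
                raise UndefinedOperator(tok)
        return stack, launched
    return run

HOSTILE = "/safe 0 setstate /payload system"  # constructed input

if __name__ == "__main__":
    guarded, stripped = make_interpreter(True), make_interpreter(False)
    print(guarded("1 2 add"), stripped("1 2 add"))
    print(guarded(HOSTILE))   # guard flag overwritten, operator reached
    try:
        stripped(HOSTILE)
    except UndefinedOperator as exc:
        print("undefined operator:", exc)
```

Both builds evaluate the benign script identically; the same bug exists in both, but only the build that still contains the operator lets it reach the dangerous code path.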




