From: cman@communities.com (Douglas Barnes)
Date: Tue, 10 Oct 95 09:39:04 PDT
To: cypherpunks@toad.com
Subject: Re: java security concerns
Message-ID: <v02120d03aca05dde70fb@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero wrote:
>In my previous message, I left out some fundamental parts of the run-time
>that need to be looked at carefully. The garbage collection needs to be
>examined carefully. Normally GC algorithms are formally derived, so it's
>the implementation that needs to be checked for. holes in the GC may be
>too unpredictable to exploit for anything but core-dumping, especially since
>java uses a mark-sweep conservative collector.
>

FWIW, we had some ideas about how to attack the GC from untrusted code,
involving resurrection of objects during finalization. This turned out
not to work -- the Javoids apparently anticipated this problem in their
design.