1996-01-27 - Re: Hack Java

Header Data

From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
To: crypto@midex.com
Message Hash: 0bc1a3667546428db932f3b9a7f32c4b01f9b9eef59966a07879bb189340ee61
Message ID: <199601240001.QAA25104@springbank.Eng.Sun.COM>
Reply To: N/A
UTC Datetime: 1996-01-27 07:19:03 UTC
Raw Date: Sat, 27 Jan 1996 15:19:03 +0800

Raw message

From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
Date: Sat, 27 Jan 1996 15:19:03 +0800
To: crypto@midex.com
Subject: Re: Hack Java
Message-ID: <199601240001.QAA25104@springbank.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain



]Both of you are correct if you look carefully at the assumptions.  Rich 
]assumes that you have a 'malicious compiler'.  Godmar is right that Java 
]does not utilize pointers in the byte code.  What would make the entire 
]scenario work is a malicious interpreter or a 'NotJava Browser'(TM) that 
]allowed malicious code to be executed.  Couple a bad compiler and a bad 
]interpreter and you are in buisness (nasty business that is).

Yes. And if you also let an intruder in your house, have them sit at
your computer with your newborn child in the room and go on vacation,
things can get really, really nasty.

Sort of like when you execute untrusted code in an untrusted
environment...

-- Benjamin
   Java Products Group





Thread