1996-03-28 - Re: WSJ on Big Java Flaw

Header Data

From: pcw@access.digex.net (Peter Wayner)
To: Mutant Rob <wlkngowl@unix.asb.com>
Message Hash: b59c62b86174b879b03ff47669a89facf058e9e7ee95fb2ed05596cf5d922d53
Message ID: <v02140b00ad7f319f86ce@[199.125.128.5]>
Reply To: N/A
UTC Datetime: 1996-03-28 10:29:35 UTC
Raw Date: Thu, 28 Mar 1996 18:29:35 +0800

Raw message

From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 28 Mar 1996 18:29:35 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: WSJ on Big Java Flaw
Message-ID: <v02140b00ad7f319f86ce@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


>John Young wrote:
>>    Wall Street Journal, March 26, 1996, p. B4.
>>    Researchers Find Big Security Flaw In Java Language
>>    By Don Clark
>>
>>    A team of Princeton University researchers said they
>>    discovered the most serious security flaw yet in the widely
>>    used Java programming language from Sun Microsystems Inc.
>>
>>    he said.[..]
>
>The generalized halting problem comes to mind...
>
>Since it can be proved that there's no complete set of heuristics
>to tell if a given program has a characteristic (such as
>"secureness")
>then sooner or later someone will discover another security flaw.
>
>A question is whether a simple patch is made or if the set of
>heuristics
>is widened (ie, learn from mistakes) so that similar flaws can
>be found
>based on knowledge of that one flaw.

Well, actually, the halting problem doesn't really apply here.
Imagine you've got a two tape Turing machine. Then go into the
control function and block out all calls that either write or
read tape 2. I contend it is trivial to prove that no program
that runs on tape 1 will ever read or write tape 2.

It is quite possible to prove that certain mathematical feats
can't be done. You can use algebra to prove that there is no way
to trisect an angle with just a compass and a straight-edge.
Godel's theorem and its corollary work on Turing machines, only
shows that you can't come up with a general mathematical
procedure for proving or disproving all statements all of the
time.

I think it is quite possible for Sun to build a secure version
of Java. It might take many iterations and they might make some
subtle mistakes, but time should allow them to plug these holes.
They're simply trying to make sure that all of their various
doo-dads and extras don't write tape 2. Their abstract model is
much more complex than a Turing machine, but it is much simpler
than C code or the UNIX OS.

-Peter







Thread