From: Simon Spero <ses@tipper.oit.unc.edu>
To: Bill Frantz <frantz@netcom.com>
Message Hash: b301029653de8f1271afd6f08e22ea52f0826e32a87fb3d25b5192a7cd7df4a2
Message ID: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
Reply To: <199604252023.NAA00294@netcom9.netcom.com>
UTC Datetime: 1996-04-25 23:35:29 UTC
Raw Date: Thu, 25 Apr 1996 16:35:29 -0700 (PDT)
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 25 Apr 1996 16:35:29 -0700 (PDT)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Mindshare and Java
In-Reply-To: <199604252023.NAA00294@netcom9.netcom.com>
Message-ID: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 25 Apr 1996, Bill Frantz wrote:
> At 10:47 PM 4/24/96 -0700, Rich Graves wrote:
> >code safely. I'm sorry, I'm just not interested in running untrusted code.
> >Give me digitally signed code that I can trust, or for which the author
> >can at least be held accountable, and I'll be happy.
>
> I, for one, am interested in running untrusted code. If I can run
> untrusted code, I can greatly reduce my exposure to Trojan horses and bugs.
> It bothers me that if I run Microsoft Word, it can trash my MacWrite
Both policies make sense in different circumstances; however,
refusing to run unsigned code, even though it reeks of FUCKING STATISM is
easier verify, and harder to circumvent; We're experimenting with both
approaches in Solid Oak (one classloader that rejects unsigned classes,
another that works with the security manager to use the signed IDs to
make policy decisions where necessary. That approach is the more
flexible, but it remains vulnerable to flaws in the policy manager if it
is somehow possible to do naughty things without going through the
security manager. If you require even untrusted code to be signed you at
least have a target-id to send to blacknet for attitude adjustment.
One thing that could be retroactively added to the vm pretty easily would
be the ability to add capability requirements to methods, and have the
class loader automatically generate code to check for those requirements
before executing the body of the method
Simon
---
They say in online country So which side are you on boys
There is no middle way Which side are you on
You'll either be a Usenet man Which side are you on boys
Or a thug for the CDA Which side are you on?
National Union of Computer Operatives; Hackers, local 37 APL-CPIO
Return to April 1996
Return to “Simon Spero <ses@tipper.oit.unc.edu>”