1996-05-04 - Re: Calling other code in Java applications and applets

Header Data

From: minow@apple.com (Martin Minow)
To: cypherpunks@toad.com
Message Hash: 4b9cc222ba838992856c1b9782c1a3af474d1d2750caa080e9dbddd08d32b519
Message ID: <v02140b00adb14064cf1e@[17.128.200.85]>
Reply To: N/A
UTC Datetime: 1996-05-04 22:27:01 UTC
Raw Date: Sun, 5 May 1996 06:27:01 +0800

Raw message

From: minow@apple.com (Martin Minow)
Date: Sun, 5 May 1996 06:27:01 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <v02140b00adb14064cf1e@[17.128.200.85]>
MIME-Version: 1.0
Content-Type: text/plain


Marianne Mueller (mrm@netcom.com) writes that

>
>people need to be aware up front
>that calling native code from a Java applet disables
>any security that might otherwise be enforced for the applet.
>

Would it be more accurate to state that native code called by a
Java applet disables Java virtual machine security, but is still
bound by security policies enforced by the operating system itself?

It would be most unfortunate if a browser run by an unprivileged
user could attain "root" privileges by running a Java applet that
called an appropriate (or inappropriate) native method.

Of course, on inherently unprotected systems (PC's), there is
indeed no protection.  Perhaps Java will cause vendors to improve
overall operating system robustness.

Martin Minow
minow@apple.com







Thread