[cap-talk] the prize
Ben Laurie
ben at algroup.co.uk
Tue Nov 2 07:02:35 EST 2004
Stiegler, Marc D wrote:
> David, you are the one who was able to rip through an app that *was*
> written in a capability secure language, with no ambient authorities
> laying around, and still find great security breaches. Think how
> boringly easy it would be to find breaches in a program written with a
> language where all those super-power authorities are just laying around,
> begging to be abused, with only the willpower of the programmer at 2AM
> in the morning before the deadline standing between that power and a
> breach :-)
>
> While I'm responding, since you used Java as your example, just thought
> I'd mention that a capability-secure version of 100%pure Java, Joe-E, is
> possible, if you use an appropriate verifier. That version of Java could
> make sense -- but it is once again a true capability-secure language.
Interesting. Could this approach be applied to C++? Perl? Python?
Cheers,
Ben.
--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the cap-talk
mailing list