[cap-talk] Language-based safety - notes and meat)
Jonathan S. Shapiro
shap at eros-os.org
Sun Nov 14 12:01:50 EST 2004
On Sun, 2004-11-14 at 11:49, Mark Miller wrote:
> I waive that request. If E were implemented in C, E's security would not
> depend on C's non-existent security. It had better not! For the current
> E-on-Java implementation, Java is just an implementation language, like C
> would be. E-on-Java's security depends no more on Java's security than an
> E-on-C's implementation would depend on C's.
Umm. Mark? You *do* know that the JVM can be beaten, don't you?
> So, regarding a security challenge, the current E-on-Java is the right target.
> And besides, E-on-Java exists now. A target in the hand is worth two in the
> bush, or something. Please fire away.
I'm not saying that E-on-Java is the wrong target. I'm saying that we
should focus our attention on flaws in E rather than flaws in the JVM.
This is especially true if it is expected that the JVM is an interim
solution rather than a long term commitment (I'm not clear whether the
last is your intention).
More information about the cap-talk