[E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed
Tue, 2 Jan 2001 09:07:41 -0800
I thought we were talking about the class libraries distributed by Sun. If
they wrote malicious byte code, we're all in big trouble. The Princeton
group has done some great work. At one point, I was checking their site
weekly for updates.
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:email@example.com]
> Sent: Sunday, December 31, 2000 2:57 PM
> To: Karp, Alan
> Cc: 'Jonathan S. Shapiro'; E Language Discussions
> Subject: Re: [E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed release
> "Karp, Alan" wrote:
> > The goal is not to be perfect; it's to reduce the amount of code that has to
> > be examined by a person. For example, executing any line of code that
> > accesses the file system will be caught by the security manager...
> Alan, I believe that you are neglecting the possibility of attacks
> perpetrated by bytecode written in Java assembler.
> You really need to take a look at the results that have come out of Ed
> Felten's group at Princeton. I believe you will conclude on reflection
> that the claim you are trying to assert is unsustainable.