[E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed release

Karp, Alan alan_karp@hp.com
Tue, 2 Jan 2001 09:25:44 -0800

I just read MarkM's note on the subject, and I agree with his interpretation
of my suggestion.  He did give me one idea for dealing with untrusted
classes.  Can I disassemble the class to Java source and recompile with a
compiler I installed on my own machine?  Won't this approach take care of
the malicious byte code attacks?  Either they won't produce Java at all, or
something in the Java will prevent compilation.

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278

> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@cs.jhu.edu]
> Sent: Sunday, December 31, 2000 2:57 PM
> To: Karp, Alan
> Cc: 'Jonathan S. Shapiro'; E Language Discussions
> Subject: Re: [E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed release
> "Karp, Alan" wrote:
> > The goal is not to be perfect; it's to reduce the amount of code that has to
> > be examined by a person.  For example, executing any line of code that
> > accesses the file system will be caught by the security manager...
> Alan, I believe that you are neglecting the possibility of attacks
> perpetrated by bytecode written in Java assembler.
> You really need to take a look at the results that have come out of Ed
> Felten's group at Princeton. I believe you will conclude on reflection
> that the claim you are trying to assert is unsustainable.
> Jonathan