[E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed release

Karp, Alan alan_karp@hp.com
Tue, 2 Jan 2001 10:23:56 -0800

> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Tuesday, January 02, 2001 9:14 AM
> To: Karp, Alan; 'Jonathan S. Shapiro'
> Cc: E Language Discussions
> Subject: Re: [E-Lang] Announcing stl-E 0.8.9k: An interim
> non-distributed release
> > I thought we were talking about the class libraries 
> distributed by Sun.
> If
> > they wrote malicious byte code, we're all in big trouble.  
> The Princeton
> > group has done some great work.  At one point, I was 
> checking their site
> > weekly for updates.
> The issue is that malicious byte code can invoke the class 
> libraries in
> unanticipated ways, and that Javasoft has truly lousy habits 
> about argument
> checking.
> Jonathan
> _______________________________________________
> e-lang mailing list
> e-lang@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang

Does that mean you can make a Java class access the file system by passing
it a bad argument even if there's no file access code in the class?  I've
heard of such attacks in other languages but not in Java.  If it's possible,
even theoretically, then my idea has no merit.  Of course, it makes every
other form of checking extremely difficult, too.

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278