[E-Lang] Announcing stl-E 0.8.9k: An interim non-distributed release

Mark S. Miller markm@caplet.com
Tue, 02 Jan 2001 14:52:18 -0800


At 09:14 AM Tuesday 1/2/01, Jonathan S. Shapiro wrote:
>> I thought we were talking about the class libraries distributed by Sun.
>If
>> they wrote malicious byte code, we're all in big trouble.  The Princeton
>> group has done some great work.  At one point, I was checking their site
>> weekly for updates.
>
>The issue is that malicious byte code can invoke the class libraries in
>unanticipated ways, and that Javasoft has truly lousy habits about argument
>checking.

In the scenario I believe we're talking about, there is no malicious byte 
code in the address space, unless it came with the JDK or E distributions, 
or otherwise as a part of the UTCB.  The only locally untrusted code is 
supposed to be E code.  If you install untrusted Java code in the same 
address space, you're on your own, and E makes no claims about your security.


        Cheers,
        --MarkM