[E-Lang] Announcing stl-E 0.8.9k: An interim
non-distributed release
Mark S. Miller
markm@caplet.com
Tue, 02 Jan 2001 14:52:18 -0800
At 09:14 AM Tuesday 1/2/01, Jonathan S. Shapiro wrote:
>> I thought we were talking about the class libraries distributed by Sun.
>If
>> they wrote malicious byte code, we're all in big trouble. The Princeton
>> group has done some great work. At one point, I was checking their site
>> weekly for updates.
>
>The issue is that malicious byte code can invoke the class libraries in
>unanticipated ways, and that Javasoft has truly lousy habits about argument
>checking.
In the scenario I believe we're talking about, there is no malicious byte
code in the address space, unless it came with the JDK or E distributions,
or otherwise as a part of the UTCB. The only locally untrusted code is
supposed to be E code. If you install untrusted Java code in the same
address space, you're on your own, and E makes no claims about your security.
Cheers,
--MarkM