[e-lang] newbie, some starting questions

bry at xdocs.dk bry at xdocs.dk
Tue Jul 6 09:14:52 EDT 2004

Tyler Close wrote:
>A buffer 
>overflow attack against the JVM itself is still possible, but not 
>against the application code written in either Java or E.
Okay that's good, the overall border one needs to guard is diminished, one only
needs to guard the fortress of the virtual machine, as opposed to everything,
then as well only certain applications running under the VM can be attacked with
anything resembling what would be considered success by an attacker, i.e.
ability to damage or own the system, due to their capability nature. Reminds me
of some of the metaphors/examples in the documentation I've seen, security is
heightened by limiting the range of targets. Makes good sense. 

Okay it seems to me in a capability-based system sometimes you are going to be
writing applications that do need to have pretty much all permissions that would
be dangerous. Not sure offhand what those applications would be at the moment,
does anyone have examples/thoughts on how vulnerable applications would be
implemented, can the vulnerabilities be modularized so that attack points are
limited? Also it seems to me, if I were going to implement a vulnerable
application under a capability-based system I would want to implement ACL
controls for that application.

This might seem like some weird stuff here, but I have a hard time thinking that
any particular model is 100% wrong, so, although I do feel that capability feels
more right and more powerful I also have a natural tendency to believe that ACL
must have some rightness to it. For the sake of clarity it would be nice to know
what the right points of ACL are. By saying I would want to implement ACL
controls for a vulnerable application under a capability-based system this
relates to a feeling on my part that the capability-based system is better as an
overarching controller.

By the way I appreciate what I've read of Waterken so far, although some of it
buzzed the top of my hair. 
