[e-lang] Import wildcards harmful?

ihab.awad at gmail.com
Fri Dec 21 01:44:50 EST 2007


Hi folks,

I am wondering if import wildcards (and, more generally, any import
mechanism that grants the servant module the ability to insert things into
the client's namespace) are inherently unsafe. In Joe-E, assume that I wrote
code to do --

  import com.good.*;
  import com.evil.*;

  x = new Foo(); // comes from Good.com

If there also existed a "com.evil.Foo", the Java compiler would flag this as
an error. However, if Good.com dropped support for "com.good.Foo", and
Evil.com caught wind of that and quickly rolled out their own "com.evil.Foo",
there could be a window of time when instances of my code "in the wild"
would be vulnerable to the resulting substitution attack.

How does that map to the threat model of Joe-E? Is it a concern? Should
Joe-E reject all import wildcards?

Ihab

-- 
Ihab A.B. Awad, Palo Alto, CA
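
Added example, not part of the original message and not Joe-E or javac code: a simplified Python model of how a simple type name resolves through Java import declarations, run against two constructed snapshots of what com.good and com.evil export. It assumes resolution through imports only (no same-package types, java.lang, nested types or static imports); `resolve`, `drift`, `T0`, `T1`, `WILDCARD` and `PINNED` are hypothetical names.

```python
import re

# Java import declarations (static imports skipped); group 2 marks the on-demand form.
IMPORT_RE = re.compile(r"^\s*import\s+(?!static\b)([\w.]+?)(\.\*)?\s*;", re.M)

def parse_imports(source):
    """Return ({simple name: qualified name}, [on-demand packages])."""
    single, on_demand = {}, []
    for name, wild in IMPORT_RE.findall(source):
        if wild:
            on_demand.append(name)
        else:
            single[name.rsplit(".", 1)[-1]] = name
    return single, on_demand

def resolve(simple, source, classpath):
    """Simplified lookup of a simple type name through imports only.
    classpath (constructed): {package: set of public type names}."""
    single, on_demand = parse_imports(source)
    if simple in single:  # a single-type import shadows on-demand imports
        pkg = single[simple].rsplit(".", 1)[0]
        if simple not in classpath.get(pkg, ()):
            raise LookupError(f"cannot find symbol {single[simple]}")
        return single[simple]
    hits = [f"{p}.{simple}" for p in on_demand if simple in classpath.get(p, ())]
    if len(hits) != 1:
        raise LookupError(f"ambiguous {hits}" if hits else f"cannot find symbol {simple}")
    return hits[0]

def drift(simple, source, before, after):
    """Report whether a dependency update silently re-binds a simple name."""
    old = resolve(simple, source, before)
    try:
        new = resolve(simple, source, after)
    except LookupError as e:
        return f"build breaks: {e}"  # fails closed, so someone notices
    return "unchanged" if new == old else f"SILENT REBIND {old} -> {new}"

# Constructed snapshots of what the two packages export over time.
T0 = {"com.good": {"Foo"}, "com.evil": {"Bar"}}
T1 = {"com.good": set(), "com.evil": {"Bar", "Foo"}}  # Good drops Foo, Evil adds it

WILDCARD = "import com.good.*;\nimport com.evil.*;\n"
PINNED = "import com.good.Foo;\nimport com.evil.*;\n"
```

With the wildcard imports, `drift("Foo", WILDCARD, T0, T1)` reports a silent re-bind to com.evil.Foo on recompilation, while the single-type import in `PINNED` turns the same update into a build failure.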