[52743] in Cypherpunks
Re: WSJ on Big Java Flaw
daemon@ATHENA.MIT.EDU (David Macfarlane)
Wed Mar 27 09:12:29 1996
Date: Wed, 27 Mar 96 08:51:34 EST
To: cypherpunks@toad.com
From: dmacfarlane@zip.sbi.com (David Macfarlane)
[snip]
> > Mr. Felten said that unscrupulous people who discovered the
> > flaw could boobytrap a Web page on the Internet,
> > essentially seizing control of the browser software of any
> > PC that tapped into that page. At that point, the hackers
> > could read or delete an entire hard disk of data files.
> > "The consequences of this flaw are as bad as they can be,"
> > he said.[..]
>
> The generalized halting problem comes to mind...
>
> Since it can be proved that there's no complete set of heuristics
> to tell if a given program has a characteristic (such as "secureness")
> then sooner or later someone will discover another security flaw.
>
> A question is whether a simple patch is made or if the set of heuristics
> is widened (ie, learn from mistakes) so that similar flaws can be found
> based on knowledge of that one flaw.
Since this Java error is probably deep in the bytecode interpreter,
the question is will Sun patch this *particular* problem, still allowing
others, or will it have to rewrite the interpreter so that it enforces
the language more rigorously? They are under pressure to make a
"quick fix" (they've promised something in two days), but real
security needs to be built in to a system from the ground up,
with disciplline and thorough design. If they need to redesign their
approach to implementing the bytecode interpreter, that could take
weeks, months?
BTW, its a testament to security through code review, as the Princeton
team probably could not have discovered this deep flaw without looking
through the code.
David Macfarlane.
