[1256] in java-interest
Security etc
daemon@ATHENA.MIT.EDU (Chuck McManis)
Mon Aug 28 03:40:39 1995
Date: Sun, 27 Aug 1995 19:32:49 -0700
From: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
To: java-interest@java.Eng.Sun.COM
A couple of notes have made it clear that we're not getting through
on the security issue here. Consider for the moment that there is
_no way_ to write a piece of Java code that look's at an arbitrary
piece of memory (or writes it for that matter). You can't do it.
What this means is that it is fundamentally impossible to write
an operating system completely "in Java". You can't manipulate
thread state, you can't do any of those neat things that OSes
do in their day to day operations.
But you can offer the ability to poke arbitrary memory through
a Java aware interface. Consider the poke object:
----------------------- the definition of PokeMemory as a Java object
public class PokeMemory {
/**
* poke a byte into some random spot of memory.
*/
public static native void poke(int address, byte data);
/**
* peek at a byte in some random spot of memory
*/
public static native byte peek(int address);
}
--------------------------------------------------------------
And its implementation *IN C* of
------------------------ the implementation of PokeMemory in poke.c
#include <oobj.h>
#include <interpreter.h>
#include "PokeMemory.h"
void
PokeMemory_poke(
struct HPokeMemory *this,
long address,
char what)
{
*(char *)(address) = (char) what;
}
long
PokeMemory_peek(
struct HPokeMemory *this,
long address)
{
return (*(char *)(address));
}
--------------------------------------------------------------------------
Simple right? However it can't be used if you can't get a pointer to it.
And it can't be downloaded because you can't download a native
implementation and if you tried the verifier would deny it.
So to reiterate on what is fundamentally different between Java and
"the other guys" (as in BASIC, C, C++, etc) is that anything written
in JAVA is containable, anything accessing non-java code is controllable,
and anything attempting to get around the system is detectable.
You _can_ write bad things in Visual BASIC or download able "OCX's"
you can't write bad things in downloadable Java.
--Chuck
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
