[1382] in java-interest

Security and Java

daemon@ATHENA.MIT.EDU (Martin Taylor)
Thu Aug 31 13:41:10 1995

Date: Thu, 31 Aug 1995 15:05:03 +0100
From: Martin Taylor <m.taylor@ELSEVIER.CO.UK>
To: java-interest-digest@java.sun.com

I've been following this list hoping to find a discussion of what I think are
the security issues surrounding the use of the Java language, but so far
with only limited success. I think this may be partly because Sun have
restricted themselves to a consideration of security issues addressable
by the language design and by the design of the HotJava browser, but I
feel that the issues are broader than this. I'd like to put forward some of
the things that worry me about Java to see what people's reactions are.

(1) Java functionality is going to be incorporated into Netscape. Issues
arising:
  (a) I cannot realistically expect to restrict the use of Java-capable
clients pending a proper investigation of the security issues. Easy
availability and user pressure will ensure that it happens whether I want
it to or not. This means that all relevant security issues should be being
discussed _now_, in whatever forums are available - Sun's proposed
formal statement of the security requirements of the system runs the risk
of being too late.
  (b) Non-Sun implementations (Netscape?) may compromise Sun's
security objectives, either through relaxations of the standard or through
poor implementation. This may not be under Sun's control, but it may
nevertheless reflect on Sun in the long term.

(2) Chuck McManis has stated that it is possible to write an applet that
displays a rude picture. Fine - this is behaviour familiar to those who deal
with PC viruses, and does in fact constitute a problem in a corporate
environment. What else can an applet do? I've found it a little confusing
running through the programmer documentation (possibly because my
programming days are behind me :-)), but I'm not clear on whether
applets can:
 - manipulate the client's file system;
 - use the client's network sockets in an arbitrary way;
 - manipulate the client machine environment in any way more subtle
than spinning at high priority.

The real problem for us security managers, Sun people, is that we are
being invited - nay, forced - to accept into our client execution
environments code which we have no opportunity to validate; which is
written by people we don't know from Adam; and of whose capabilities
many of us are ignorant. We spend a good deal of time and effort trying
not to let this sort of thing happen in other contexts - viruses, trojans and
general unauthorised software - and I think you should understand our
legitimate fears that widespread use of Java may give us a serious
problem.

Your comments will be more than welcome (to the list, please). 

Martin Taylor
IT Security Manager, Elsevier Science Ltd
m.taylor@elsevier.co.uk

-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
