[1627] in java-interest
Security
daemon@ATHENA.MIT.EDU (halpern_eric)
Mon Sep 11 19:24:13 1995
Date: Mon, 11 Sep 1995 13:55:01 -0700
From: erich@loc100.tandem.com (halpern_eric)
To: java-interest@java.sun.com
After reading "HotJava: The Security Story", I have a couple of questions.
If anyone can answer them, I'd greatly appreciate it.
According to the paper, one property ensured by the bytecode verifier is that
"when there are two execution paths into the same point, they must arrive
there with exactly the same type state". This is to protect against, for
example, a loop copying an array onto the stack.
1. How can Java protect against this and still allow for recursive function
calls? On first thought it seems that this could only be accomplished
if the "type state" of the stack only includes the current call frame.
But an array can easily be copied onto the stack using a recursive
function call, so disallowing one without disallowing the other doesn't
really solve the problem. What's going on here?
2. How could a malicious program take advantage of copying an array to the
stack? Are there any concrete examples of hacks that do such a thing?
I am putting together a presentation on Java and would like to give some
concrete examples of hacks that the runtime protects against. If anyone has
good papers/books/urls to suggest that discuss the kinds of security concerns
that a system like Java must address, I'd sincerely appreciate the references.
Thanks, Eric
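
The merge rule quoted in the message, as an added example that is not part of the original post or of Sun's verifier: a toy dataflow check over a hypothetical, simplified instruction set (`push`, `pop`, `if`, `call` and `return` are assumed names, not JVM opcodes). It checks one method's operand stack at a time and models a call only by its effect on the caller's stack, so a loop that pushes on every iteration is rejected while a self-recursive method is accepted.

```python
# Added example: toy verifier for ONE method's operand stack.
# The instruction set is hypothetical and simplified, not real JVM opcodes.
class VerifyError(Exception):
    pass

def verify(code):
    """Return {pc: type state on entry}; raise VerifyError if two paths disagree."""
    seen, work = {}, [(0, ())]          # type state = tuple of stack types
    while work:
        pc, stack = work.pop()
        if not 0 <= pc < len(code):
            raise VerifyError(f"pc {pc}: control leaves the method")
        if pc in seen:                  # merge point: a second path reached pc
            if seen[pc] != stack:
                raise VerifyError(f"pc {pc}: {seen[pc]} vs {stack}")
            continue
        seen[pc] = stack
        op, *args = code[pc]
        if op == "push":                # push a value of type args[0]
            work.append((pc + 1, stack + (args[0],)))
        elif op == "pop":
            if not stack:
                raise VerifyError(f"pc {pc}: stack underflow")
            work.append((pc + 1, stack[:-1]))
        elif op == "if":                # pop an int; branch to args[0] or fall through
            if stack[-1:] != ("int",):
                raise VerifyError(f"pc {pc}: 'if' needs an int on top")
            work += [(args[0], stack[:-1]), (pc + 1, stack[:-1])]
        elif op == "call":              # callee runs in its own frame, so model only
            nargs, ret = args           # the caller side: arguments off, result on
            if len(stack) < nargs:
                raise VerifyError(f"pc {pc}: too few arguments")
            work.append((pc + 1, stack[:len(stack) - nargs] + (ret,)))
        elif op != "return":            # "return" ends the path with no successor
            raise VerifyError(f"pc {pc}: unknown op {op!r}")
    return seen

def accepts(code):
    """True if the method passes the merge-point check."""
    try:
        verify(code)
        return True
    except VerifyError:
        return False

# Constructed sample methods.
LOOP_PUSH = [("push", "int"), ("push", "int"), ("if", 0), ("return",)]  # grows per iteration
LOOP_OK = [("push", "int"), ("if", 0), ("return",)]                     # balanced loop
RECURSE = [("push", "int"), ("call", 1, "int"), ("pop",), ("return",)]  # calls itself
```
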