[2607] in java-interest
Re: typesafe socket communication
daemon@ATHENA.MIT.EDU (Arthur van Hoff)
Thu Oct 5 21:57:04 1995
Date: Thu, 5 Oct 1995 16:45:48 -0700
From: Arthur.Vanhoff@Eng.Sun.COM (Arthur van Hoff)
To: zsimpson@eden.com
Cc: java-interest@java.Eng.Sun.COM
Hi,
> In a previous message, Arthur said that remote persistent objects were not
implementable because of a hornet's nest of security problems. We think that we
understand these security problems, but we're not sure. We're guessing that you
mean that arbitray type casts from byte[] to some class will mean that it is
possible to "lie" to the runtime system and convince it that you're handing it
one structure when in fact you're handing it something else. However, this is
only a security problem if any of the destination fields of the class are
considered pointers (i.e. not atomic data types like int, etc.) Even if the
data stream did get typecast into a class which contained an object pointer,
these object pointers could be double checked against the heap address space
during the instanciation to avoid creating a pointer outside of the heap (i.e. a
potential virus).
>
> Thus, we clearly don't understand the problem since Arthur is saying that
there is a big security risk here. As far as we can tell, you should be able to
implement this is a totally typesafe fashion. Additionally, it seems like the
ClassLoader class already has this problem (other than the fact that we can't
figure out how to write out a class that it knows how to read back in! :)
The problem that I was talking about is that anyone can make up a stream
of bytes that can be turned into an object. Currently we can treat object
references as capabilities because they are unforgable. This may not be
the case in your scheme.
Also, if I wanted to change the value of a private variable I could try
to persistify the object, modify the data, and de-persistify it. How do
you stop that from happening.
All this can be solved using public key encryption, but that is a another
can of worms.
Have fun,
Arthur van Hoff
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
