[311] in java-interest


Extension Libraries (was: Java vs. Python)

daemon@ATHENA.MIT.EDU (Michael D. McCool)
Wed Jun 14 13:05:07 1995

Date: Wed, 14 Jun 95 12:41:22 -0400
From: "Michael D. McCool" <mmccool@cgl.uwaterloo.ca>
To: cman@communities.com, george@dvcorp.com
Cc: java-interest@java.Eng.Sun.COM


The other problem with extension libraries composed of native code,
of course, is that they are security holes.  Every new library pokes
a new hole in the firewall, and eventually someone WILL distribute
a library with a sneaky bug (like the sendmail bug) that can be exploited
by a virus.  

What would help would be
    1) A set of guidelines on what to avoid in libraries to avoid
       security holes, both the obvious (opening arbitrary files and
       writing to them) and the not-so-obvious (avoiding variable-length
       parameters, especially if you don't check the length).
    2) Not providing certain features in the Java interface to obviate the
       sneakier bugs.
    3) Dare I say some kind of certification process?  I.e. should
       there be some kind of "peer review" before a library can be
       made accessible on "trusted" servers?  Would such a thing be
       practical/enforceable?  Would YOU trust certified libraries?
       Under what conditions?

The certification process would help protect against deliberate sneaky bugs,
but might be hard to sustain.

Are there any references we could look at that analyse some of the above
problems, so we extension-writers can avoid doing too much damage to
(Hot)Java's security?  What are YOUR guidelines?  Do you attempt to
prove security?

---------
BTW, I'm working on an OO 3D "virtual" graphics API, along the lines of
OpenInventor, but which can map to multiple rendering architectures: OpenGL,
3DR, Phigs+, whatever.  OpenInventor, unfortunately, assumes that it's
running on top of OpenGL, which has a few performance-inhibiting assumptions.
Such a library must run as an extension for two reasons: performance, and
access to graphics H/W (also a performance issue with a larger multiplier).

I'm doing this in the context of a "Courseware Development Environment"
running inside HotJava which will support SGML parsing, symbolic mathematics,
and simulation.  I'd be interested in hearing from people working on
or contemplating similar projects.


-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
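The "not-so-obvious" hole the message names, a variable-length parameter whose length is never checked, is easiest to see in the native code itself. The following C is an added example, not code from the message or from any Java or HotJava extension; it models a hypothetical native entry point of a graphics extension (a `scene_object` record with a fixed-size `name`, and an array-size helper for vertex buffers) that takes a caller-supplied buffer and length, and places the unchecked pattern beside the checked one. It also covers a second length bug the message does not spell out: the `count * element_size` multiplication for array parameters, which can wrap before it is ever compared against a limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical extension record: a short object name plus a flag that sits
 * directly after it in memory, so an over-long name overwrites the flag. */
#define NAME_CAPACITY 16

struct scene_object {
    char name[NAME_CAPACITY];
    int  visible;
};

/* Unchecked pattern: 'len' comes from the caller (the Java side, or whatever
 * marshals the call) and is trusted blindly.  Any len >= NAME_CAPACITY writes
 * past 'name' into 'visible' and beyond.  Shown only for contrast; the demo
 * below never calls it with an over-long input. */
void set_name_unchecked(struct scene_object *obj, const char *src, size_t len)
{
    memcpy(obj->name, src, len);   /* no comparison against NAME_CAPACITY */
    obj->name[len] = '\0';         /* may also land out of bounds */
}

/* Checked pattern: validate every part of the parameter before touching the
 * destination, and report rejection to the caller rather than silently
 * truncating.  Returns 0 on success, -1 if the parameter is rejected. */
int set_name_checked(struct scene_object *obj, const char *src, size_t len)
{
    if (obj == NULL || src == NULL)
        return -1;
    if (len >= NAME_CAPACITY)          /* must leave room for the NUL */
        return -1;
    if (memchr(src, '\0', len) != NULL) /* embedded NUL would confuse C-string users */
        return -1;
    memcpy(obj->name, src, len);
    obj->name[len] = '\0';
    return 0;
}

/* Array parameters carry a second trap: the byte size is count * elem_size,
 * and if that multiplication wraps, a later bound check passes on a tiny
 * number while the real data is huge.  Check the product cannot overflow
 * before using it.  Returns 0 and stores the size, or -1 on rejection. */
int array_bytes_checked(size_t count, size_t elem_size, size_t max_bytes,
                        size_t *out_bytes)
{
    if (out_bytes == NULL || elem_size == 0)
        return -1;
    if (count > SIZE_MAX / elem_size)  /* product would wrap */
        return -1;
    if (count * elem_size > max_bytes) /* larger than the extension allows */
        return -1;
    *out_bytes = count * elem_size;
    return 0;
}

int main(void)
{
    struct scene_object obj;
    memset(&obj, 0, sizeof obj);
    obj.visible = 1;

    /* Constructed inputs: one that fits, one that does not. */
    const char *ok   = "cube";
    const char *long_name = "this-name-is-far-too-long-for-the-record";

    set_name_unchecked(&obj, ok, strlen(ok));      /* fine only because it fits */
    printf("unchecked, fitting input : name=%s visible=%d\n", obj.name, obj.visible);

    int rc = set_name_checked(&obj, long_name, strlen(long_name));
    printf("checked, over-long input : rc=%d name=%s visible=%d\n",
           rc, obj.name, obj.visible);            /* rc=-1, record untouched */

    size_t bytes;
    rc = array_bytes_checked(SIZE_MAX / 2 + 1, 4, 1 << 20, &bytes);
    printf("checked, wrapping count  : rc=%d\n", rc); /* rc=-1 */
    return 0;
}
```

The two checked functions share one design point worth keeping in any guideline of the kind the message asks for: the length and the count are treated as untrusted input from the moment they cross the native boundary, every check happens before the first write, and rejection is an explicit return code the Java side can turn into an exception rather than a silently clipped value.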
