Re: Privilege-escalation attacks on NT-based Windows are unfixable
From: Edward Elliott (nobody@127.0.0.1)
Date: 08/28/02
- Next message: those who know me have no need of my name: "Re: windows ip config file"
- Previous message: David Hopwood: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: David Hopwood: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Bryan Olson: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Bryan Olson: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: David Hopwood: "Security-oriented languages (was: Privilege-escalation attacks)"
From: Edward Elliott <nobody@127.0.0.1> Date: Wed, 28 Aug 2002 00:29:37 GMT
On Tue, 27 Aug 2002 18:11:47 -0400, David Hopwood wrote:
> Barry Margolin wrote:
>> Edward Elliott <nobody@127.0.0.1> wrote:
>> >Another good tactic. I see two ways to go about this. One is to
>> >design new languages and libraries with security in mind.
>>
>> Remember when Java was supposed to be that language? :(
>
> Java is one of those languages. Don't confuse any problems that apply
> only to running hostile code using ClassLoaders, with the properties
> of Java that help in writing secure applications.

If you're talking about avoiding buffer overflows, just about any
language with bounds checking should fit the bill. I don't see how Java
has any special protection against race conditions (synchronized code
helps protect what's in the app, but only if you use it properly. AFAIK,
external resources like files aren't protected from race conditions at
all).

I see Java as a step above C and possibly C++ (depending on how educated
your programmers are on security issues), but no better than any other
language with bounds checking and without raw pointers. Can anyone make
a good case that Java is more suitable for writing secure apps (not
"safe" apps, i.e. sandboxed code) than another language with these
features? What unique features does Java have that "help in writing
secure applications"?

-- Edward Elliott
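
The file race mentioned in the message above, as an added example that is not part of the original post: a `synchronized` check-then-write beside an atomic create. It assumes the `java.nio.file` API (Java 7 and later, newer than this thread); the class name, method names and file names are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class FileRaceDemo {
    private static final Object LOCK = new Object();

    // Racy: exists() and write() are two separate operations on the file
    // system. The monitor serialises threads inside this JVM only; another
    // process can still create the path between the check and the write.
    static boolean writeIfAbsentRacy(Path p, String data) throws IOException {
        synchronized (LOCK) {
            if (Files.exists(p)) {
                return false;
            }
            Files.write(p, data.getBytes(StandardCharsets.UTF_8));
            return true;
        }
    }

    // Hardened: CREATE_NEW makes the existence check and the creation a
    // single atomic file-system operation, so the outcome does not depend
    // on any lock held by this process.
    static boolean writeIfAbsentAtomic(Path p, String data) throws IOException {
        try {
            Files.write(p, data.getBytes(StandardCharsets.UTF_8),
                    StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
            return true;
        } catch (FileAlreadyExistsException e) {
            return false; // somebody else created it first; nothing was overwritten
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample location, created fresh for the demonstration.
        Path target = Files.createTempDirectory("race-demo").resolve("report.txt");
        System.out.println(writeIfAbsentAtomic(target, "first"));   // file is created
        System.out.println(writeIfAbsentAtomic(target, "second"));  // refused, file exists
        System.out.println(writeIfAbsentRacy(target, "third"));     // refused by the check
        System.out.println(new String(Files.readAllBytes(target), StandardCharsets.UTF_8));
    }
}
```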