Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: Edward Elliott <nobody@127.0.0.1>
Date: Wed, 28 Aug 2002 16:16:25 GMT

On Wed, 28 Aug 2002 00:29:10 -0400, Bryan Olson wrote:
> Edward Elliott wrote:
> > If you're talking about avoiding buffer overflows, just about any
> > language with bounds checking should fit the bill. I don't see how
> > Java has any special protection against race conditions [...]
> >
> > What unique features does Java have that "help in writing secure
> > applications"?
>
> In no case does Java punt to undefined behavior. Race conditions can
> result in non-deterministic behavior, but never arbitrary behavior. It
> is not the only such language, but bounds-checking and lack of raw
> pointers are not enough.

Ok let's add that to the list of features which make Java a good choice
for secure applications:

1. Enforced bounds checking
2. No raw pointers
3. Synchronized keyword for thread safety
4. No undefined behavior

Any more?

Let's also make a list of what attacks these features mitigate, and to
what degree:

1. Buffer overflows (completely, barring VM bugs)
2. Internal race conditions (somewhat, synchronized must be used
properly)

Any more?

-- 
Edward Elliott
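
The following is an added example, not part of the original post. It shows in Java what the two lists above describe: an out-of-range write is rejected instead of overwriting memory, an unsynchronized counter gives a non-deterministic but bounded result, and synchronized only helps when every thread uses the same lock. The class and helper names are hypothetical.

```java
public class JavaSafetyDemo {
    static final int N = 1_000_000;
    static int counter;                              // shared, deliberately unprotected
    static final Object sharedLock = new Object();

    interface Step { void run(Object ownLock); }

    // Run the same increment step N times on each of two threads; return the final count.
    static int runTwoThreads(Step step) throws InterruptedException {
        counter = 0;
        Thread[] threads = new Thread[2];
        for (int t = 0; t < threads.length; t++) {
            Object ownLock = new Object();           // a distinct lock object per thread
            threads[t] = new Thread(() -> {
                for (int i = 0; i < N; i++) step.run(ownLock);
            });
            threads[t].start();
        }
        for (Thread th : threads) th.join();         // join() makes the final value visible
        return counter;
    }

    public static void main(String[] args) throws InterruptedException {
        // Bounds checking: the write one past the end throws; nothing else is touched.
        int[] buf = new int[4];
        int[] neighbour = {42};
        try {
            buf[4] = 0x41414141;
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("write rejected (" + e.getMessage() + "), neighbour=" + neighbour[0]);
        }

        // No lock: updates are lost, so the total varies from run to run,
        // but it is still an int no larger than 2*N and no memory is corrupted.
        int racy = runTwoThreads(own -> counter++);

        // synchronized used improperly: each thread locks its own object,
        // so the two threads never exclude each other and updates are still lost.
        int misused = runTwoThreads(own -> { synchronized (own) { counter++; } });

        // synchronized used properly: both threads lock the same object.
        int correct = runTwoThreads(own -> { synchronized (sharedLock) { counter++; } });

        System.out.println("expected       = " + (2 * N));
        System.out.println("no lock        = " + racy);
        System.out.println("per-thread lock= " + misused);
        System.out.println("shared lock    = " + correct);
    }
}
```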
