Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: Edward Elliott <nobody@>
Date: Wed, 28 Aug 2002 16:16:25 GMT

On Wed, 28 Aug 2002 00:29:10 -0400, Bryan Olson wrote:
> Edward Elliott wrote:
> > If you're talking about avoiding buffer overflows, just about any
> > language with bounds checking should fit the bill. I don't see how
> > Java has any special protection against race conditions [...]
> >
> > What unique features does Java have that "help in writing secure
> > applications"?
> In no case does Java punt to undefined behavior. Race conditions can
> result in non-deterministic behavior, but never arbitrary behavior. It
> is not the only such language, but bounds-checking and lack of raw
> pointers are not enough.

Ok let's add that to the list of features which make Java a good choice
for secure applications:

1. Enforced bounds checking
2. No raw pointers
3. Synchronized keyword for thread safety
4. No undefined behavior

Any more?

Let's also make a list of what attacks these features mitigate, and to
what degree:

1. Buffer overflows (completely, barring VM bugs)
2. Internal race conditions (somewhat, synchronized must be used

Any more?

Edward Elliott
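
The two mitigations listed in the post above, shown as an added Java example that is not part of the original message. The class, method and field names are made up for illustration, and the sample data is constructed.

```java
public class DefinedBehaviorDemo {
    static final int THREADS = 4, ITERATIONS = 200_000;
    static int unsafeCounter;                 // incremented without synchronization
    static int safeCounter;                   // incremented only while holding lock
    static final Object lock = new Object();

    // Bounds checking: the out-of-range write is rejected before it touches memory.
    static boolean overflowIsTrapped() {
        byte[] buffer = new byte[8];
        byte[] neighbour = {1, 2, 3, 4};      // constructed sample data
        try {
            for (int i = 0; i <= buffer.length; i++) {   // deliberate off-by-one
                buffer[i] = 0x41;
            }
            return false;                     // not reached: index 8 throws
        } catch (ArrayIndexOutOfBoundsException e) {
            return neighbour[0] == 1;         // other objects are untouched
        }
    }

    // Runs body ITERATIONS times on each of THREADS threads and waits for all.
    static void runThreads(Runnable body) throws InterruptedException {
        Thread[] workers = new Thread[THREADS];
        for (int t = 0; t < THREADS; t++) {
            workers[t] = new Thread(() -> {
                for (int i = 0; i < ITERATIONS; i++) body.run();
            });
            workers[t].start();
        }
        for (Thread w : workers) w.join();
    }

    public static void main(String[] args) throws InterruptedException {
        int expected = THREADS * ITERATIONS;
        System.out.println("overflow trapped: " + overflowIsTrapped());

        // Data race: updates can be lost, so the total may come up short,
        // but the result is still an int in the range 0..expected.
        runThreads(() -> unsafeCounter++);
        System.out.println("unsynchronized: " + unsafeCounter + " of " + expected);

        // synchronized only helps where it is actually applied.
        runThreads(() -> { synchronized (lock) { safeCounter++; } });
        System.out.println("synchronized:   " + safeCounter + " of " + expected);
    }
}
```

The unsynchronized total varies from run to run; the synchronized total always equals the expected count.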
