Re: Java in OS?
Paul H. Hargrove (hargrove@sccm.stanford.edu)
Tue, 7 May 1996 18:33:24 -0700 (PDT)
Herbert Wengatz wrote:
> +> Actually a binfmt_java.o module that would be invoked if the
> +> kernel recognized a magic number at the start of a Java byte-code
> +> executable would make sense. It would, of course, invoke a user-space
> +> Java interpreter not a kernel-space one.
>
> Uuuuughhhh! Aaaaaagggghhhh!
>
> I'll NEVER go and include this security-hole into my kernel!!!!!!!
>
> :-((((((((
>
> There are already enough into my system! :-(
>
> Regards,
>
> Herbert
> __________________________________________________________________________
> Herbert Wengatz,82049 Pullach |Disclaim: This Mail is my own opinion,>
> Office :hwe@uebemc.siemens.de |not that of my company. ***
> Private:hwe@rtfact.muc.de | oo-)
> http://www.muc.de/~hwe/rtfact (new & improved !!!!!!) m_/
> --------------------------------------------------------------------------
> >> Support Randal L. Schwartz! For details email to:fund@stonehenge.com <<
How is this any different that what happens for executables
that start with "#!/usr/bin/perl"? The only difference is that the
Java interpreter is invoked instead of the perl (or whatever)
interpreter. The idea is essentialy that a Java binary becomes as
usable as a native binary. Invoking a Java binary in this manner is
no more or less secure than running ANY binary that you have retrieved
from the Internet, except that if the bytecode verifier actually
worked you would have a certain level of security assurances, much as
taintperl gives you some security assurances for perl scripts.
On the assumption that the bytecode verifier worked, running a
Java executable should be far safer than running an a.out or ELF binary
that was downloaded from "Joe Hacker's Web Page".
----
Paul H. Hargrove All material not otherwise attributed
hargrove@sccm.stanford.edu is the opinion of the author or a typo.