harmony-dev mailing list archives

From Mark Wielaard <m...@klomp.org>
Subject Re: State of the World (it's security)
Date Tue, 10 May 2005 12:27:42 GMT

On Mon, 2005-05-09 at 21:59 -0400, Bob wrote:
> >> Maybe it seems like a grim environment for starting a new project.
> As I mentioned in my last post, proper implementation (and 
> verification) of the Java Security Model is a strongly compelling 
> technical story.  And it is still WIDE OPEN.  If you wish to develop a 
> protocol in which (potentially malicious) code can be WRITTEN on 
> computer A, then SENT to computer B and run in a sandbox in a secure 
> and flexible manner as determined by the administrator of System B ---- 
> then there is NO open source project that will support that 
> functionality, nor is there currently any open source project that 
> intends to build that functionality.  Not GCJ.  Not Kaffee.  Not .GNU.  

Please do some research before posting. GNU Classpath provides all the
packages, classes and code needed by the core libraries to support this.
The various runtimes (ikvm, gcj and kaffe) all come with a byte code
verifier. There is also a Mauve verify module containing verifier tests.

What is missing is a jarsigner utility (but jar verification works,
including assigning ProtectionDomains) and there are certainly some bugs
(see gcc bugzilla to find some) since it hasn't been stress tested. This
is the reason gcjwebplugin is currently blocked from entering Debian and
Fedora; they (rightly!) think it is currently too high a security risk.

What needs to be done to complete all this is write more testcases for
the Mauve verifier component. Audit all code. And actually fix any
issues found. Probably the best way to do this is by getting a copy of
Inside Java 2 Architecture, API Design and Implementation from Li Gong
(get the second edition!) and go through it and the GNU Classpath
library code to make sure all permission checks are done at the right

Other interesting approaches are using valgrind to find low level bugs.
Or run tools like FindBugs, CheckStyle, JLint, PMD, etc over GNU
Classpath and report (and fix!) any issues found. Integrate gcjwebplugin
out of process with SELinux mandatory access controls when run from
