Message-ID: <42C577B7.4050102@algroup.co.uk>
Date: Fri, 01 Jul 2005 18:04:55 +0100
From: Ben Laurie
To: harmony-dev@incubator.apache.org
Subject: Re: Security
In-Reply-To: <42C4DF5C.3000508@theory.org>

Neil Macneale wrote:
>
> Hello All-
>
> I've been lurking for a while and I think the significant discussion
> about security in the Harmony JVM has been missing. Considering such
> ideas as hot compiling code and making it executable sets off big alarm
> bells in my head.
>
> One huge pitfall in many software projects is putting off security until
> later. Auditing of code becomes much more difficult as the code base
> becomes large. Furthermore, as code grows old, people forget how it works.
>
> Somehow the Java gods have convinced the world that Java is secure. But
> that all relies on the JVM executing as documented and with no
> security holes of its own. The number of ways in which a JVM could open
> security vulnerabilities in a system is enormous, and this is amplified
> by the fact that the language itself has a security model which is
> fairly complex.
>
> One of the reasons I am in favor of implementing as much of the JVM in
> Java is that I think it is easier to write secure code in Java than in
> C/C++. A small core in C/C++ would be reasonable, but from a reviewer's
> standpoint it is more difficult to guarantee that a piece of C code is
> secure. Generally speaking, of course.
>
> I'd be happy to read people's code and look for bugs, and I may end up
> doing this just for yucks. Are other people concerned about this?
> Thoughts, comments?

I was initially tempted to say "those who do not read the archives are
doomed to repeat them" but I guess this is (yet another) slightly
different slant on the debate.

So, it seems to me that when you say it's easier to write secure code in
Java than C what you really mean is that it's easier to write code free
of buffer overflows in Java than C. I can't think of _any_ other
interesting security properties that Java has and C lacks. Am I missing
something?

Cheers,

Ben.

-- 
>>>ApacheCon Europe<<< http://www.apachecon.com/

http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff