Thanks a lot for this report. It is obviously important to get those things right. Not every JVM uses those C routines (some, like JNode and Jaos, don't even have C available), but since the code is released, it should also be secure.
-Patrik
-------------------------------- Patrik Reali http://www.reali.ch/~patrik/
--On Monday, 1 March 2004 08:45 +0100 Johan Peeters <[EMAIL PROTECTED]> wrote:
At FOSDEM, we discussed how I might help to improve free Java's security. It seems to me that, for the edifice to be secure, the native layer's security is absolutely essential. I scanned the native directory with RATS (Rough Auditing Tool for Security - http://securesoftware.com) and found a few potential vulnerabilities, e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is this worth investigating further, or has it been covered?
kr,
Yo -- Johan Peeters bvba software architecture services tel:+32 16 64900 http://www.johanpeeters.com
_______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/classpath

