Neil Macneale wrote:
Ben Laurie wrote:
So, it seems to me that when you say its easier to write secure code in
Java than C what you really mean is that its easier to write code free
of buffer overflows in Java than C.
I can't think of _any_ other interesting security properties that Java
has and C lacks. Am I missing something?
It has generally been my experience that buffer overflows are not an
issue in java code. Not because indexes are checked automatically, but
more because the .length field is prevalently used. It is uncommon that
I see IndexOutOfBoundsExceptions being thrown in my code, or the code I
rely upon.
Preventing buffer overflows is a commonly sighted advantage of java, but
there are other advantages as well. There is a common architecture for
signing and verification of code.
Woah. This doesn't provide security in any interesting sense. And PGP
signatures on C source are just as good.
The two JVMs I have installed return
null when I attempt to get the signers of the String class. It would
seem reasonable to me to have a hard coded public key in Harmony so we
could verify the validity of the libs. These tools can also be used to
seal jars, thus assuring that when someone downloads and installs a
standard build of Harmony, they can be fairly certain that they didn't
get an image with a back door built in. (Note this brings up a separate
issue of having a SSL trusted host, but lets not go there yet.)
See above.
Furthermore, by using the java.security package and it's friends we can
be assured that our Java code is behaving correctly.
You can? How?
If there is C code
in the JVM which opens and writes to files, then we must manually check
to see that the JVM has permission to do so. If the code is written in
Java, then the SecurityManager class to takes care of that with no
effort to the developer. This may be a double edged sword since
developers who think "The SecurityManger will catch my bugs" are going
to dig themselves into a hole. But it's better than the C model which is
non-existant.
How hard is to write a wrapper for open() in C? Why is that different
from using SecurityManager?
BTW, have you ever seen plash?
http://www.cs.jhu.edu/~seaborn/plash/plash.html
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff