On Tue, Mar 22, 2011 at 5:34 AM, Stéphane Ducasse <[email protected] > wrote:
> But why we could not have a bytecode validator at the image level that first
> make sure that byte code are in sync with the format of the objects.

Because it can be compromised. An in-image verifier is subject to attack, and could be disabled by an attack that got past the in-image verifier before it got a chance to run. An in-VM verifier is not possible to side-step because it is the only way to execute code. So an in-VM verifier can be secure but an in-image one can't and so is pointless.

> Why this has to be done in the vm.
>
> Stef
