Re: can't find libjava.so.

2000-06-29 Thread Peter Pilgrim 


You confusing class path and the program execution path.

The CLASSPATH should contain only directories that have *.class file or point to 
specific *.jar files.

The PATH is contains only directories where you have executables to run like `ls' or 
`chmod'
or `java' and `javac'
--

Peter Pilgrim
Welcome to the "Me Too" generation.



 Message History 



From: binyomin segal <[EMAIL PROTECTED]> on 28/06/2000 15:48 EST

To:   [EMAIL PROTECTED]
cc:
Subject:  can't find libjava.so.


(the first attempt at this message seems to have failed - sorry for any
duplication)

hi all,

i am not a linux person (though the more i use it the more i like it) so
please go slowly.

we are working on a cross-platform (mac/win/linux/solaris) java solution.

right now im working on the linux piece - we're using redhat 6.2 and
blackdown java 1.2.2.

the solution interacts with various cds and creates a database on the
users hard drive of info based on those cds.

to get the program working i was using the following shell script:

#!/bin/bash
cd /
cd /usr/local/jre1.2.2/bin
export CLASSPATH=/root/myDirectory:/root/myDirectory/myJar.jar
bash java myApplication

the problem with that shell is that because it leaves the prompt in the
jre/bin directory any reading/writing of files defaults to there.

so i tried the following:

#!/bin/bash
export CLASSPATH=/root/myDirectory:/root/myDirectory/myJar.jar:
   /usr/local/jre1.2.2/bin
export PATH=$CLASSPATH:$PATH
bash java myApplication

this does not work instead i get a "can't find libjava.so." error

any help would be appreciated
please feel free to email me directly at [EMAIL PROTECTED]

tia
ben



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]






--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: RMI and netscape

2000-06-29 Thread Sven . Daumann 








Rajesh Patel <[EMAIL PROTECTED]>@lads.is.lmco.com on 28.06.2000
17:00:45

Please respond to "rpatel"@lads.is.lmco.com

Sent by:  [EMAIL PROTECTED]


To:   java-linux Mailing List <[EMAIL PROTECTED]>
cc:

Subject:  RMI and netscape


Hi all,
I am dealing with security issues with netscape and plugins
for linux.  I am running RMI server application on my http server and
trying to run applet which connect to the RMI server and server passes
some information back to applet.
Things works fine if i use appletviewer but not with netscape!
I installed java plugins for jdk1.2 from blackdown.  Applet throws
netscape Security Exception on browser's java console as follows,

Netscape Communications Corporation -- Java 1.1.5
Type '?' for options.
Exporting the Applet
Looking up TimeService at: rmi://black.lads.is.lmco.com:10005/TimeServer

netscape.security.AppletSecurityException: security.Couldn't connect to
'158.186.60.220' with origin from 'local-classpath-classes'.
  at
netscape.security.AppletSecurity.checkConnect(AppletSecurity.java:776)
  at
netscape.security.AppletSecurity.checkAccept(AppletSecurity.java:760)
  at java.lang.SecurityManager.checkAccept(SecurityManager.java:839)
  at java.net.ServerSocket.implAccept(ServerSocket.java:246)
* at java.net.ServerSocket.accept(ServerSocket.java:224)
  at
sun.rmi.transport.proxy.HttpAwareServerSocket.accept(HttpAwareServerSocket.java:77)


  at sun.rmi.transport.tcp.TCPTransport.run(TCPTransport.java:394)
  at java.lang.Thread.run(Thread.java:504)
We have been registered!

Any response would be appreciated!
Thanks,

-Raj


Hello,

I seem the problem is that netscape don't use the plugin, but the intergrated JVM of 
Netscape.

When you will use the plugin your HTML page must look like the attachment

All messages from the Applet are written to Plugin console, please activate the console
in ~/.netscape/java/ControlPanel.html

Sven Daumann



(See attached file: applet.html)


Title: AppletTest



AppletTest





alt="Your browser understands the  tag but isn't running the applet, for some reason."
Your browser is completely ignoring the  tag!

Re: Java3D

2000-06-29 Thread Jesper Nordenberg 

Interesting! It would be even more interesting if you could test the GeForce with
XFree 4.0. Make sure you download the latest drivers from NVidia (released last
week I think).

Andreas Micklei wrote:

> Hi everyone,
>
> I just wanted to give a status update on my experiences with Java3D and
> hardware acceleration:
>
> The problems I had with Java3D obviously resultet in bugs in Utah-GLX, so
> Java3D is not really to blame (the behaviour was just a bit confusing). Here
> are some of my results:
>
> GFX hardwareOpenGL implementation   Result
> --
> Matrox G400 XFree 3.3.6 / Mesa 3.2 /Works. VERY slow.
> Software rendering
>
> Matrox G400 XFree 3.3.6 / Mesa 3.2 /Does not show
> Utah-GLX-2626   textures. Crashes
> occasionally.
> Non-textured rendering
> is reasonable fast.
>
> nVidea GForce   XFree 3.3.6 / Mesa 3.2 /Same as G400.
> Utah-GLX-2626
>
> Matrox G200 XFree 4.0 (includes Mesa 3.3)   Black picture. The
> / DRI   Framerate is
> impressive however.
> ;-)
>
> Matrox G400 XFree 4.0 (includes Mesa 3.3)   Crashes.
> / DRI
>
> Matrox G400 Xi-Graphics Accelerated-X   Works. VERY fast.
> (Demo version 1.1)
> --
>
> So for now the only viable option I know of if Accelerated-X. Using a 3Dfx
> board with hardware accelerated Mesa on Glide probably also works, but I have
> not tested this. The XFree 4.0 test are not finished yet. A test with the
> GForce, as well as using different kernel versions might give other results.
>
>bye...
>  Andreas Micklei
>
> --
> Andreas Micklei
> IVISTAR Kommunikationssysteme AG
> Ehrenbergstr. 19 / 10245 Berlin
> http://www.ivistar.de
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
| Jesper Nordenberg, M.Sc. in C.S.E., [EMAIL PROTECTED]
| NNL Technology AB, www.nnl.se
| Phone: +46 13 211400
| Address: Teknikringen 1B, S-58330 Linköping, SWEDEN



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

development applets

2000-06-29 Thread Marcos Lloret 

hi,

i work on an old sun sparc server10 with 96 Mb RAM, SunOS 5.5.1.  i
want to find a development kit to make applets and servlets in java. i
have heard about Borland JBuilder and IBM VisualAge for Java. i have
read their hardware and soft prerequisits and ... i do not have it.
is there any other application to develop java applets (with GUI)?? i
mean. nowadays i am running emacs and.. nothing else. i see the changes
on my browser.

thanks in advance,

marcos
[EMAIL PROTECTED]



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: RMI and netscape

2000-06-29 Thread Rajesh Patel 

[EMAIL PROTECTED] wrote:

> Rajesh Patel <[EMAIL PROTECTED]>@lads.is.lmco.com on 28.06.2000
> 17:00:45
>
> Please respond to "rpatel"@lads.is.lmco.com
>
> Sent by:  [EMAIL PROTECTED]
>
> To:   java-linux Mailing List <[EMAIL PROTECTED]>
> cc:
>
> Subject:  RMI and netscape
>
> Hi all,
> I am dealing with security issues with netscape and plugins
> for linux.  I am running RMI server application on my http server and
> trying to run applet which connect to the RMI server and server passes
> some information back to applet.
> Things works fine if i use appletviewer but not with netscape!
> I installed java plugins for jdk1.2 from blackdown.  Applet throws
> netscape Security Exception on browser's java console as follows,
>
> Netscape Communications Corporation -- Java 1.1.5
> Type '?' for options.
> Exporting the Applet
> Looking up TimeService at: rmi://black.lads.is.lmco.com:10005/TimeServer
>
> netscape.security.AppletSecurityException: security.Couldn't connect to
> '158.186.60.220' with origin from 'local-classpath-classes'.
>   at
> netscape.security.AppletSecurity.checkConnect(AppletSecurity.java:776)
>   at
> netscape.security.AppletSecurity.checkAccept(AppletSecurity.java:760)
>   at java.lang.SecurityManager.checkAccept(SecurityManager.java:839)
>   at java.net.ServerSocket.implAccept(ServerSocket.java:246)
> * at java.net.ServerSocket.accept(ServerSocket.java:224)
>   at
> sun.rmi.transport.proxy.HttpAwareServerSocket.accept(HttpAwareServerSocket.java:77)
>
>   at sun.rmi.transport.tcp.TCPTransport.run(TCPTransport.java:394)
>   at java.lang.Thread.run(Thread.java:504)
> We have been registered!
>
> Any response would be appreciated!
> Thanks,
>
> -Raj
>
> Hello,
>
> I seem the problem is that netscape don't use the plugin, but the intergrated JVM of 
>Netscape.
>
> When you will use the plugin your HTML page must look like the attachment
>

Thanks after changing my html code it activated 1.2.2 plugins and i see java console.  
But still
my applet does not start!  I put all class file (applet class and rmi classes) in the 
jar file
that i specified in my html code.  Can you tell me what am i missing?
Am i missing the concept for the jar file?  Can you explain what should i put in jar 
file?
Thanks,
-Raj

>
> All messages from the Applet are written to Plugin console, please activate the 
>console
> in ~/.netscape/java/ControlPanel.html
>
> Sven Daumann
>
> (See attached file: applet.html)
>
>   
>  Name: applet.html
>applet.html   Type: Hypertext Markup Language (text/html)
>  Encoding: 7BIT
>   Description: Internet HTML


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: RMI and netscape

2000-06-29 Thread Jesus M. Salvo Jr. 

Well, your applet was loaded locally, not from 158.186.60.220. 

Did u have your applet signed?

John Salvo

Rajesh Patel wrote:
> 
> 
> Netscape Communications Corporation -- Java 1.1.5
> Type '?' for options.
> Exporting the Applet
> Looking up TimeService at: rmi://black.lads.is.lmco.com:10005/TimeServer
> 
> netscape.security.AppletSecurityException: security.Couldn't connect to
> '158.186.60.220' with origin from 'local-classpath-classes'.
>   at

-- 
Homepage: http://homepages.tig.com.au/~jmsalvo/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [cant find libjava.so.]

2000-06-29 Thread James Mansell 

Hi binyomin,

If you are doing your writing from your java application you can use classes
in the java.io package to write wherever you want (see File class and
FileOutputStream, and FileWriter classes.  I would assume you can also pass a
path into the java program as an argument, but as I am still new to java
myself I can't say how to do this.

Hope this is of use.

Rgds
James


binyomin segal <[EMAIL PROTECTED]> wrote:

hi all,

i am not a linux person (though the more i use it the more i like it) so
please go slowly.

we are working on a cross-platform (mac/win/linux/solaris) java solution.

right now im working on the linux piece - we're using redhat 6.2 and
blackdown java 1.2.2.

the solution interacts with various cds and creates a database on the
users hard drive of info based on those cds.

to get the program working i was using the following shell script:

#!/bin/bash
cd /
cd /usr/local/jre1.2.2/bin
export CLASSPATH=/root/myDirectory:/root/myDirectory/myJar.jar
bash java myApplication

the problem with that shell is that because it leaves the prompt in the
jre/bin directory any reading/writing of files defaults to there.

so i tried the following:

#!/bin/bash
export CLASSPATH=/root/myDirectory:/root/myDirectory/myJar.jar:
   /usr/local/jre1.2.2/bin
export PATH=$CLASSPATH:$PATH
bash java myApplication

this does not work instead i get a "can't find libjava.so." error

any help would be appreciated
please feel free to email me directly at [EMAIL PROTECTED]

tia
ben



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Get your own FREE, personal Netscape WebMail account today at 
http://webmail.netscape.com.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: SIGSEGV

2000-06-29 Thread Jesus M. Salvo Jr. 

In short, I would like to be able to reproduce the SIGSEGV when the
.java files are compiled using 'javac' from a command line.

I have tried javac -g -O -deprecate, but I can't replicate the SIGSEGV
when I run the sample application. Only way to have that SIGSEGV come up
if I compile from within JBuilder. Then again, I can't even see a
'javac' in my processes when compiling/rebuilding from within JBuilder.

Thanks

John Salvo


"Jesus M. Salvo Jr." wrote:
> 
> Hi!
> 
> Environment:
> JDK 1.2.2 RC4
> RedHat 6.0 with upgraded glibc to 2.1.2
> kernel 2.2.16
> 
> Does anyone know how to figure out what EXACT command line options
> JBuilder Foundation 3.5 uses to compile source files?
> Everytime I 'rebuild the project', I cannot even see a 'javac' either
> with 'ps' or 'top'.
> 
> I ask this because I get a SIGSEGV when running a sample application and
> the .java files are compiled from within JBuilder 3.5.
> 
> If I compile them all using straight javac from a shell, I get no
> SIGSEGV when running the sample application.
> 
> Whats more weird is that, I can still get the sample application to work
> even though if it was compiled from within JBuilder 3.5 if I:
> 
> Use no jit at runtime (java.compiler=none)
> If I execute the sample application using jdb
> 
> Thanks,
> 
> John Salvo
> 
> --
> Homepage: http://homepages.tig.com.au/~jmsalvo/

-- 
Homepage: http://homepages.tig.com.au/~jmsalvo/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

SIGSEGV

2000-06-29 Thread Jesus M. Salvo Jr. 


Hi!

Environment: 
JDK 1.2.2 RC4
RedHat 6.0 with upgraded glibc to 2.1.2
kernel 2.2.16

Does anyone know how to figure out what EXACT command line options
JBuilder Foundation 3.5 uses to compile source files?
Everytime I 'rebuild the project', I cannot even see a 'javac' either
with 'ps' or 'top'.

I ask this because I get a SIGSEGV when running a sample application and
the .java files are compiled from within JBuilder 3.5. 

If I compile them all using straight javac from a shell, I get no
SIGSEGV when running the sample application. 

Whats more weird is that, I can still get the sample application to work
even though if it was compiled from within JBuilder 3.5 if I:

Use no jit at runtime (java.compiler=none)
If I execute the sample application using jdb


Thanks,

John Salvo


-- 
Homepage: http://homepages.tig.com.au/~jmsalvo/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AW: AW: C# -- the Java killer?

2000-06-29 Thread Mike Christiansen 

I'm not so sure. MS SOAP is incompatible with all other implementations
including IBM's (Java-based) version. Below is a link to an interesting
article that was forwarded to me that compared the two. IBM's version
stood head and shoulders above MS. The conclusion was to use MS's version
if one was interested in MS to MS interaction.

The article can be found at:
 http://windows.oreilly.com/news/soapreview_0600.html

Mike

"Hildebrandt, Kai (VIS32)" wrote:

> >>In order to compete successfully with Java it has to be free.
> >>It is not typical for Microsoft.
>
> but it happens
> see SOAP
>
> Kai
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


begin:vcard 
n:Christiansen;Mike
tel;cell:972 896 4067
tel;work:972 583 2798
x-mozilla-html:FALSE
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
fn:Mike Christiansen
end:vcard

Re: RMI and netscape

2000-06-29 Thread Rajesh Patel 

"Jesus M. Salvo Jr." wrote:

> Well, your applet was loaded locally, not from 158.186.60.220.
>
> Did u have your applet signed?

No.  Do i have to have my applet signed?
-Raj

>
>
> John Salvo
>
> Rajesh Patel wrote:
> >
> >
> > Netscape Communications Corporation -- Java 1.1.5
> > Type '?' for options.
> > Exporting the Applet
> > Looking up TimeService at: rmi://black.lads.is.lmco.com:10005/TimeServer
> >
> > netscape.security.AppletSecurityException: security.Couldn't connect to
> > '158.186.60.220' with origin from 'local-classpath-classes'.
> >   at
>
> --
> Homepage: http://homepages.tig.com.au/~jmsalvo/
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

kaffe and RMI

2000-06-29 Thread Rajesh Patel 

Hi,
Does anybody know what command line options i have to use in
order to run my RMI server application using kaffe?
if i use simple kaffe command i get following errors,
% kaffe RMIServer
kaffe.util.NotImplemented
at java.lang.Throwable.(Throwable.java:33)
at java.lang.Error.(Error.java:17)
at kaffe.util.NotImplemented.(NotImplemented.java:18)
at
java.rmi.registry.LocateRegistry.createRegistry(LocateRegistry.java:52)
at
java.rmi.registry.LocateRegistry.createRegistry(LocateRegistry.java:48)
at RMIServer.main(RMIServer.java:40)
%

If i use regular java command the same application runs fine.  Also i
don't how can i specify policy file at command line in kaffe?(e.g
-Djava.security.policy=java.policy if using java)
Thanks,

-Raj


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Security bug in a major fraction of VMs

2000-06-29 Thread Wolfgang Hoschek 

There is a serious security bug in a major fraction of VMs.
Some VMs do not check access specifiers at runtime. This allows you to
access private data with either a hacked compiler, direct editing of
byte code, or a simple recompile. 
For details, see http://metalab.unc.edu/javafaq/

I checked the mini program given there on a number of Linux and Solaris
VMs.

"NOT OK" means the access specifiers are not checked at runtime
"OK" means they are checked and the runtime correctly refuses the class.

Interestingly BlackdownRC4 with Inprise's jitter was "NOT OK" whereas
BlackdownRC4 with sunwjit SIGSEV'd which is also not quite ok.
Here the builds I checked:

Solaris@Spars

- NOT OK: java version "1.3.0", Java Hotspot(TM) Client VM (build
1.3-beta, mixed mode)
- OK: (IncompatibleClassChangeError) java version "1.2.2", Solaris VM
(build Solaris_JDK_1.2.2_05a, native threads, sunwjit)

RedHat6.1@Intel

- NOT OK: java full version "JDK 1.1.8 IBM build l118-2515 (JIT
enabled: jitc)"
- NOT OK: java version "1.2.2", Classic VM (build Linux_JDK_1.2.2_RC4,
nativethreads, javacomp)
- HALF OK (segmentation violation): java version "1.2.2", Classic VM
(build Linux_JDK_1.2.2_RC4, nativethreads, sunwjit)
- NOT OK: java version "1.3.0", Java(TM) 2 Runtime Environment, Standard
Edition (build 1.3.0), Classic VM (build 1.3.0, J2RE 1.3.0 IBM build
cx130-2605 (JIT enabled: jitc))
- NOT OK: java version "1.3.0", Classic VM (build 1.3.0, J2RE 1.3.0 IBM
build cx130-2502 (JIT enabled: jitc))
- NOT OK: java version "1.3.0beta1", Java(TM) 2 RuntimeEnvironment,
Standard Edition (build 1.3.0beta-b07), Java Hotspot(TM) Client VM
(build 1.3.0beta-b04, mixed mode)

Cheers,
Wolfgang.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: JITs for Linux JREs?

2000-06-29 Thread David Marshall 

Nelson Minar wrote:

> What's the current state of the art for Linux JITs and JREs?
>
> I'm looking at both the Blackdown 1.2.2RC4 and the Sun/Inprise
> 1.2.2RC1. Which JITs do those ship with? Which JITs work best with
> native threads?

Blackdown 1.2.2RC4 ships with sunwjit which works well with both green
and native threads. I've had some troubles with heavy loads in an SMP
configuration (see list archives for details) but it works well on a
single CPU box.

> My impression is that both JREs ship with sunwjit, which works with
> both green & native threads. But I can't find any JIT in the
> Sun/Inprise distribution!

Borland's javacomp JIT is a separate download (you can get it from
Borland's site). If you try Borland's javacomp JIT with the Blackdown
1.2.2RC4 JDK/JRE It works well with green threads, I've had intermittent
problems with native threads on a single CPU box (under heavy loads) and
it wouldn't run at all on an SMP box.

> And what's up with symcjit? Does it work in Linux? Does it work with
> native threads?

I have no experience with symcjit on Linux.

You can also try TYA JIT (available from http://sax.sax.de/~adlibit/ ) if
GPL is ok for you. From some preliminary testing I did last week it seems
to be marginally faster than sunwjit and is rock solid for native threads
(single CPU and SMP).

There's also OpenJIT (see http://www.openjit.org ), but it's only
licensed for non-commercial purposes. I haven't had any experience with
it, but it's reported to work with Blackdown 1.2.2RC4.

> Confused,
>   Nelson

Hope this helps,

--
David Marshall   mailto:[EMAIL PROTECTED]
VM Systems, Inc.   http://www.vmguys.com




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: SIGSEGV

2000-06-29 Thread Nathan Meyers 

I think JBuilder has its own compiler.

Nathan


On Thu, Jun 29, 2000 at 05:44:18PM +, Jesus M. Salvo Jr. wrote:
> 
> Hi!
> 
> Environment: 
> JDK 1.2.2 RC4
> RedHat 6.0 with upgraded glibc to 2.1.2
> kernel 2.2.16
> 
> Does anyone know how to figure out what EXACT command line options
> JBuilder Foundation 3.5 uses to compile source files?
> Everytime I 'rebuild the project', I cannot even see a 'javac' either
> with 'ps' or 'top'.
> 
> I ask this because I get a SIGSEGV when running a sample application and
> the .java files are compiled from within JBuilder 3.5. 
> 
> If I compile them all using straight javac from a shell, I get no
> SIGSEGV when running the sample application. 
> 
> Whats more weird is that, I can still get the sample application to work
> even though if it was compiled from within JBuilder 3.5 if I:
> 
> Use no jit at runtime (java.compiler=none)
> If I execute the sample application using jdb
> 
> 
> Thanks,
> 
> John Salvo
> 
> 
> -- 
> Homepage: http://homepages.tig.com.au/~jmsalvo/
> 
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security bug in a major fraction of VMs

2000-06-29 Thread Joseph Shraibman 

And this is a big security problem?  Access specifiers are meant to
protect programmers from doing stupid things, not protect security.  Of
course if you hack the jvm you will be able to get access to a private
field.  So just what is the security concern here?

Wolfgang Hoschek wrote:
> 
> There is a serious security bug in a major fraction of VMs.
> Some VMs do not check access specifiers at runtime. This allows you to
> access private data with either a hacked compiler, direct editing of
> byte code, or a simple recompile.
> For details, see http://metalab.unc.edu/javafaq/
> 
> I checked the mini program given there on a number of Linux and Solaris
> VMs.
> 
> "NOT OK" means the access specifiers are not checked at runtime
> "OK" means they are checked and the runtime correctly refuses the class.
> 
> Interestingly BlackdownRC4 with Inprise's jitter was "NOT OK" whereas
> BlackdownRC4 with sunwjit SIGSEV'd which is also not quite ok.
> Here the builds I checked:
> 
> Solaris@Spars
> 
> - NOT OK: java version "1.3.0", Java Hotspot(TM) Client VM (build
> 1.3-beta, mixed mode)
> - OK: (IncompatibleClassChangeError) java version "1.2.2", Solaris VM
> (build Solaris_JDK_1.2.2_05a, native threads, sunwjit)
> 
> RedHat6.1@Intel
> 
> - NOT OK: java full version "JDK 1.1.8 IBM build l118-2515 (JIT
> enabled: jitc)"
> - NOT OK: java version "1.2.2", Classic VM (build Linux_JDK_1.2.2_RC4,
> nativethreads, javacomp)
> - HALF OK (segmentation violation): java version "1.2.2", Classic VM
> (build Linux_JDK_1.2.2_RC4, nativethreads, sunwjit)
> - NOT OK: java version "1.3.0", Java(TM) 2 Runtime Environment, Standard
> Edition (build 1.3.0), Classic VM (build 1.3.0, J2RE 1.3.0 IBM build
> cx130-2605 (JIT enabled: jitc))
> - NOT OK: java version "1.3.0", Classic VM (build 1.3.0, J2RE 1.3.0 IBM
> build cx130-2502 (JIT enabled: jitc))
> - NOT OK: java version "1.3.0beta1", Java(TM) 2 RuntimeEnvironment,
> Standard Edition (build 1.3.0beta-b07), Java Hotspot(TM) Client VM
> (build 1.3.0beta-b04, mixed mode)
> 
> Cheers,
> Wolfgang.
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security bug in a major fraction of VMs

2000-06-29 Thread Uli Luckas 

There used to be a security bug in HotJava, where the internel 
certificate table (for mapping public signing keys to permisions) was 
returned to an applet by an accessor method instead of a copy of the 
table. This way an applet was not only able to read the permisions but 
also to write back to the table. This way, the applet could put it's own 
public key in a row that had plenty of permisions.
 
Now, this bug is fixed but an applet could subclass this fixed class and, 
as it (unwantedly) has access to privat members it could malicously 
overwrite the accessor method to return the table instead of a clone 
again.
 
PLEASE NOTE! This bug was reconstructed from my memory. My description 
might not exactly describe what was going on in this case and it might 
not even have been HotJava but another product that was afected. This 
Response is not meant to discredit Sun or HotJava.
 
Uli Luckas


>> Ursprüngliche Nachricht <<

Am 29.06.00, 23:25:41, schrieb Joseph Shraibman <[EMAIL PROTECTED]> zum 
Thema Re: Security bug in a major fraction of VMs:


> And this is a big security problem?  Access specifiers are meant to
> protect programmers from doing stupid things, not protect security.  Of
> course if you hack the jvm you will be able to get access to a private
> field.  So just what is the security concern here?

> Wolfgang Hoschek wrote:
> >
> > There is a serious security bug in a major fraction of VMs.
> > Some VMs do not check access specifiers at runtime. This allows you to
> > access private data with either a hacked compiler, direct editing of
> > byte code, or a simple recompile.
> > For details, see http://metalab.unc.edu/javafaq/
> >
> > I checked the mini program given there on a number of Linux and Solaris
> > VMs.
> >
> > "NOT OK" means the access specifiers are not checked at runtime
> > "OK" means they are checked and the runtime correctly refuses the class.
> >
> > Interestingly BlackdownRC4 with Inprise's jitter was "NOT OK" whereas
> > BlackdownRC4 with sunwjit SIGSEV'd which is also not quite ok.
> > Here the builds I checked:
> >
> > Solaris@Spars
> > 
> > - NOT OK: java version "1.3.0", Java Hotspot(TM) Client VM (build
> > 1.3-beta, mixed mode)
> > - OK: (IncompatibleClassChangeError) java version "1.2.2", Solaris VM
> > (build Solaris_JDK_1.2.2_05a, native threads, sunwjit)
> >
> > RedHat6.1@Intel
> > 
> > - NOT OK: java full version "JDK 1.1.8 IBM build l118-2515 (JIT
> > enabled: jitc)"
> > - NOT OK: java version "1.2.2", Classic VM (build Linux_JDK_1.2.2_RC4,
> > nativethreads, javacomp)
> > - HALF OK (segmentation violation): java version "1.2.2", Classic VM
> > (build Linux_JDK_1.2.2_RC4, nativethreads, sunwjit)
> > - NOT OK: java version "1.3.0", Java(TM) 2 Runtime Environment, Standard
> > Edition (build 1.3.0), Classic VM (build 1.3.0, J2RE 1.3.0 IBM build
> > cx130-2605 (JIT enabled: jitc))
> > - NOT OK: java version "1.3.0", Classic VM (build 1.3.0, J2RE 1.3.0 IBM
> > build cx130-2502 (JIT enabled: jitc))
> > - NOT OK: java version "1.3.0beta1", Java(TM) 2 RuntimeEnvironment,
> > Standard Edition (build 1.3.0beta-b07), Java Hotspot(TM) Client VM
> > (build 1.3.0beta-b04, mixed mode)
> >
> > Cheers,
> > Wolfgang.
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]