Wall, Kevin wrote:
Also, from the results of your test, it seems to indicate that SOME TYPE
of verification is taking place, but if all you did was change a few
ARBITRARY bytes in the .class file, I don't think that proves the
byte code verifier is being being run in it's entirety.
I agree
On 5/4/06, Dinis Cruz [EMAIL PROTECTED] wrote:
Wall, Kevin wrote:
Also, from the results of your test, it seems to indicate that SOME TYPE
of verification is taking place, but if all you did was change a few
ARBITRARY bytes in the .class file, I don't think that proves the
byte code
Stories about this (below) X bug and the DHS-sponsored project that found it
have been floating around the net all week. This story caught my eye,
though:
http://www.net-security.org/secworld.php?id=3994
The author claims, This flaw, caused by something as seemingly harmless as a
missing
On Thu, 4 May 2006, Kenneth R. van Wyk wrote:
Stories about this (below) X bug and the DHS-sponsored project that found it
have been floating around the net all week. This story caught my eye,
though:
http://www.net-security.org/secworld.php?id=3994
The author claims, This flaw, caused
On Thursday 04 May 2006 12:40, Gadi Evron wrote:
Hmm, I think this was fixed in earlier X versions.
Not impossible, but the article clearly indicated that it's in 6.9.0 and
7.0.0, which are the most current in general circulation, I believe.
But, some bugs are so important that they deserved
Dinis Cruz wrote:
Ok, I just did some further tests and I think I can say that Java
(version 1.5.0_06) has similar verification issues to the ones I
discovered on the .Net Framework (see links in my previous post).
[...]
This should prove that the verifier is not enabled by default on java
$ java -cp . -noverify HelloWorld
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x6d7415fb,
pid=3512, tid=2260 # # Java VM: Java HotSpot(TM) Client VM
(1.5.0_06-b05 mixed mode) # Problematic frame:
# V
I'm psyched about this thread. Rock on guys.
For those of you who may need some basics, you might want to read
Securing Java (a book I wrote with Ed Felten in 1999...the first edition
in 1996 was called Java Security). The book is available completely for
free in searchable format at