classpath

Re: security


From: Michael Koch
Subject: Re: security
Date: Mon, 1 Mar 2004 08:59:12 +0100
User-agent: KMail/1.5.4

On Monday, 1 March 2004 08:45, Johan Peeters wrote:
> at FOSDEM, we discussed how I might help to improve free Java's
> security. It seems to me that, for the edifice to be secure, the
> native layer's security is absolutely essential. I scanned the native
> directory with RATS (Rough Auditing Tool for Security -
> http://securesoftware.com) and found a few potential vulnerabilities,
> e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is
> this worth investigating further, or has it been covered?

No. This hasn't been covered yet in the past, but it's needed to get more
secure and find coding bugs. Please let us discuss your results of
running this tool. I will try to run the RATS software on libgcj too to
see how both compare in this (and libgcj is more important for my
plugin anyway ;-).


Michael




