Re: security

classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security

From:	Patrik Reali
Subject:	Re: security
Date:	Mon, 01 Mar 2004 10:59:05 +0100

Hi Johan,

thanks a lot for this report. It is obviously important to get those thingsright. Not every JVM uses those C routines (some like JNode and Jaos don'teven have C available), but since the code is released, it should also besecure.


-Patrik

--------------------------------
Patrik Reali
http://www.reali.ch/~patrik/

--On Montag, 1. März 2004 08:45 +0100 Johan Peeters <address@hidden>wrote:

at FOSDEM, we discussed how I might help to improve free Java's
security. It seems to me that, for the edifice to be secure, the
native layer's security is absolutely essential. I scanned the native
directory with RATS (Rough Auditing Tool for Security -
http://securesoftware.com) and found a few potential vulnerabilities,
e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is
this worth investigating further, or has it been covered?

kr,

Yo
--
Johan Peeters bvba
software architecture services
tel:+32 16 64900
http://www.johanpeeters.com


_______________________________________________
Classpath mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/classpath

[Prev in Thread]

Current Thread

[Next in Thread]

security, Johan Peeters, 2004/03/01
- Re: security, Michael Koch, 2004/03/01
- Re: security, Patrik Reali <=
- security, Andrew Haley, 2004/03/01

Prev by Date: Re: Query on stacktrace management logic
Next by Date: Re: Query on stacktrace management logic
Previous by thread: Re: security
Next by thread: security
Index(es):
- Date
- Thread