On Thu, 15 May 2003, Nick May wrote:
> This is a link from cnet. It is about an allleged security problem with
> Java running in a sandbox, that has left me slightly agog... (An
> increasingly common state, alas.)
>
> http://news.com.com/2100-1009_3-1001406.html?tag=fd_top
I have no idea why you would be agog, since I've *never* seen a piece of
hardware that's been fully secure given physical access to it.
And this is certainly not a bug in the java sandbox; if you can
arbitrarially change the contents of the computers' memory, of course
you can do anything you want. The sandbox stops programs running it it
from performing arbitrary actions; it does not stop nearby people from
phsically modifying the hardware. No software can do that.
Think of it this way: I have a program that takes the contents of
locations A and B, adds them, and puts the result into C. If I start
with 2 in A and 3 in B, run the program, it stores 5 in C, and then I
change the contents of location C to be 6, is this a bug in the program?
This story is complete sensationalism, and it really annoys me that
reporters can be such idiots as to write stuff like this.
cjs
--
Curt Sampson <cjs_at_cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
Received on Thu May 15 11:50:18 2003