On Tue, 2007-01-23 at 11:01 -0500, taharka wrote: > How do, > > On Tue, 2007-01-23 at 17:57 +1030, Tim wrote: > > On Mon, 2007-01-22 at 13:11 -0500, taharka wrote about Java, JavaScript > > and ActiveX: > > > All the three implement some kind of sandbox model, limiting the > > > activities remote code can perform: e.g., sandboxed code shouldn't > > > read/write your local hard disk nor interact with the underlying > > > operative system or external applications. > > > > I think special emphasis needs to be made about the "shouldn't" word in > > that paragraph. That's where much of the problems lay. > > Yes, "shouldn't" doesn't mean it won't eh? :-( > > > -- > > (Currently running FC4, in case that's important to the thread) > > > > Don't send private replies to my address, the mailbox is ignored. > > I read messages from the public lists. > > taharka > > Lexington, Kentucky U.S.A. > By design, SUN Java doesn't represent much risk. The original VM used in Windows violated many of the restrictions, and was one of the reasons for the acrimony between SUN and Microsoft that resulted in some legal action. Still, any programming language has limits to what can be accomplished by any limits. If the language supports objects and object methods without restricting memory segment access between code and data, then the ability to create the effect of a buffer overflow, then call the method will result in access that is not desired. After that, it becomes a system and kernel control issue, which is one of the reasons SELinux is so heavily embedded into the OS Kernel. Regards, Les H
