Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

By default, the Verifier is disabled on .Net and Java

From: lunerwood at yahoo.com (j lunerwood)
Date: Sun, 14 May 2006 21:54:52 -0700 (PDT)
in reply to 


Dinis Cruz dinis at ddplus.net
Sun May 14 03:40:20 EDT 2006

<...skipped...>

So in an environment where you have a solid Security

Policy (enforced by 

a Security Manager) but the verifier is NOT enabled,

then to jump out of 

the sandbox all that you need to do is to create a

Type Confusion 

exploit that allows you to access a private member

that either: calls 

the protected resource directly or disables the

Security Manager (which 

based on the description provided is the demo that I

think Ed Felten did).
<....skipped...>


I guess this is exactly the logic that was behind the
implementation decision that by default 

Code isn't verified when and only when it is granted
"All Permissions" 

mentioned here
http://archives.java.sun.com/cgi-bin/wa?A2=ind0107&L=java-security&P=1305

Though the post at the link avove talks only about
boot strap classes, i guess this policy is now
implemented across the whole JVM (obviously some
digging through the java sources would be needed to
confirm this)

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: