Vulnerability Development mailing list archives

Re: reverse engineer c or java


From: crispin () WIREX COM (Crispin Cowan)
Date: Mon, 22 May 2000 04:30:39 +0000


pantera () BALANCEPOINTGOLF COM wrote:

Date sent:              Sun, 21 May 2000 19:50:46 +0200
Send reply to:          Bluefish <11a () GMX NET>
From:                   Bluefish <11a () GMX NET>
Subject:                Re: reverse engineer c or java
Originally to:          "za () boo ma fu" <initd_ () DIGITAL NET>

security in any program you write? Write well thought out code.
Learn about common bugs such as bad 'system()' placement or
buffer overruns.

Btw, on the topic of Java! Has any research been published on
buffer overruns in Java? I assume the class String is more or less
secure, but are there security concerns related to usage of e.g. arrays?

Java automatically performs bound checking on arrays.  For
example, if you try and add more elements to an array than you
should:

Agreed.  The buffer overrun issue for Java is that the JVM is often a C
program, and *it* may contain buffer overrun vulnerabilities that enable the
attacker to write bytecode that exploits a buffer overrun in the JVM to
obtain privilege.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
                  JOBS!  http://immunix.org/jobs.html
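
The array bounds checking discussed in this thread, as an added example that is not code from any of the posters: each out-of-range store is rejected with an exception instead of overwriting other memory, though an element-by-element copy still leaves the destination partly written. The class name, method names and the constructed 16-byte input are hypothetical.

```java
import java.util.Arrays;

// Added illustration; class and method names are hypothetical.
public class BoundsCheckDemo {
    static final int BUF_LEN = 8;

    // Element-by-element copy, the shape of a classic C overrun.
    // Returns the index at which the JVM rejected the store, or -1 if none.
    static int loopCopy(byte[] src, byte[] dst) {
        int i = 0;
        try {
            for (; i < src.length; i++) {
                dst[i] = src[i];   // checked against dst.length on every store
            }
            return -1;
        } catch (ArrayIndexOutOfBoundsException e) {
            return i;
        }
    }

    // Bulk copy: the range is validated before any byte is moved.
    static boolean bulkCopy(byte[] src, byte[] dst) {
        try {
            System.arraycopy(src, 0, dst, 0, src.length);
            return true;
        } catch (IndexOutOfBoundsException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        byte[] input = new byte[16];        // constructed oversized input
        Arrays.fill(input, (byte) 0x41);
        byte[] buf = new byte[BUF_LEN];
        byte[] other = {1, 2, 3, 4};        // unrelated object, must stay untouched

        int stoppedAt = loopCopy(input, buf);
        System.out.println("loop copy rejected at index " + stoppedAt);
        System.out.println("buf after loop copy: " + Arrays.toString(buf));
        System.out.println("other object:        " + Arrays.toString(other));

        byte[] buf2 = new byte[BUF_LEN];
        System.out.println("arraycopy succeeded: " + bulkCopy(input, buf2));
        System.out.println("buf2 after arraycopy: " + Arrays.toString(buf2));
    }
}
```

These checks are enforced by the JVM itself, so they say nothing about overruns in the JVM's own native code, which is the case raised in the reply above.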

