Am Montag, 1. M�rz 2004 08:45 schrieb Johan Peeters: > at FOSDEM, we discussed how I might help to improve free Java's > security. It seems to me that, for the edifice to be secure, the > native layer's security is absolutely essential. I scanned the native > directory with RATS (Rough Auditing Tool for Security - > http://securesoftware.com) and found a few potential vulnerabilities, > e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is > this worth investigating further, or has it been covered?
No. this hasnt been covered yet in the past but its needed to get more secure and find coding bugs. Please let us discuss your results of running this tool. I will try to run the RATS software on libgcj too to see how both compare in this (and libgcj is more important for my plugin anyway ;-). Michael _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/classpath
