On 08/09/2015 09:58, Paul Sandoz wrote:
Hi Mike,

This is fundamentally about *integrity* of the runtime. It follows there are 
security implications, but it’s still fundamentally an integrity issue and 
guarding an unsafe operation with a Security Manager is unfortunately an 
insufficient solution.

Paul.

Right, and just to add that there have been many attempts over the years to find solutions to this issue. I think the closest was atomically remapping but that wasn't feasible on all platforms and also didn't free up the address space in a timely manner.

On the security manager suggestion, one of the concerns from a few years ago is that trusted code might unmap while untrusted code has a reference to the buffer.

There have been attempts using redirection too but there were always performance concerns. It also gets complicated with view buffers.

-Alan

