>>>>> "Ben" == Ben Laurie <[EMAIL PROTECTED]> writes:
Ben> I can't think of _any_ other interesting security properties that Java
Ben> has and C lacks. Am I missing something?

Probably not. At some point any VM has to do untrusted things. There may be reasons that this "window" is bigger or smaller, and smaller is probably preferable, but it doesn't seem to me to be a necessary consequence of the implementation language.

That said, it does make sense to think not only about how to implement security, but also how to verify it, and likewise how to ensure the VM remains secure in the face of a lot of mutation.

For checking we'll probably be adding tests to Mauve for various security things as we start working on the security infrastructure in libgcj. These kinds of tests still miss a lot though.

One idea we've discussed a little is writing new FindBugs checks to look for the required security calls. But this doesn't protect us from bugs in the native code or bugs allowing access to non-standard weird things that shouldn't be generally accessible (we have some interesting code in gnu.gcj.*).

Tom
