On Sun, 2005-11-13 at 11:14 +0200, Oded Arbel wrote: > On Saturday, 12 בNovember 2005 01:32, Gilboa Davara wrote: > > > About buffer overflow: you are missing the point. You are not > > > overflowing the host stack, but the VMs one. This actually is good > > > thing from that point of view. > > > > Um.... and once I did that, what prevents me from generating a code > > that will cause the vm to delete the c:\boot.ini file? > > I'm not sure what the MS guys are doing, but if I were them I would run > the networking code with no file system permissions. The up side of > running everything in a VM(*) is that you don't have to link in file > system operations for a program that isn't supposed to use them, so > even if you buffer overflow the program you can't cause it to do stuff > that it isn't supposed to be doing. > > (*) the .Net VM isn't really a VM. Its more like a virtual virtual > machine (the virtual machine itself is virtual) - the .Net spec call > for everything to be JITed and cached. >
Which means they are trying to mimic selinux without calling it selinux. As for the .NET VM, I'll bow down and call it a "very extensive and super heavy RT library that slows things down almost to the point of JVM"... How's that? Gilboa ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
