On 5/12/06, Dinis Cruz <[EMAIL PROTECTED]> wrote:
Michael Silk wrote:
"What is the point of the verifier?' , 'Why use it? and 'What are the
real security advantages of enabling the verifier if the code is
executed in an environment with the security manager disabled?'
Huh? You can find wh
[Due to the relevance to the current discussion on Java Verifier, here
is a blog
entry that I wrote last November (also posted on Full
Disclosure )]
___
Comment on Microsoft's leaked memos, and the
unofficial end of Microsoft 'Trustworthy Computing'
Gary McGraw wrote:
The switch from "applets vs applications" security to "trusted code vs untrusted
code" happened with the introduction of jdk 1.1 (way back when). Ed and I followed the sun
marketing lead in 96 when it came to applets vs applications, but we cleared this up later in
Securin
Michael Silk wrote:
"What is the point of the verifier?' , 'Why
use it? and 'What are the
real security advantages of enabling the verifier if the code is
executed in an environment with the security manager disabled?'
Huh? You can find what it does here:
http://ja
Tim Hollebeek wrote:
$ java -cp . -noverify HelloWorld
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x6d7415fb,
pid=3512, tid=2260 # # Java VM: Java HotSpot(TM) Client VM
(1.5.0_06-b05 mixed mode) # Problemat
Michael Silk wrote:
You can't disable the security manager even with the
verifier off. But
you could extend some final or private class that the security manager
gives access to.
This is not correct. With the verifier disabled there are multiple ways
you can jump out of the Security M