This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.



Re: safety of GCJ-generated code


>>>>> "Adam" == Adam Megacz <gcj@lists.megacz.com> writes:

Adam> Is GCJ-compiled code "safe" in the sense that no malicious input
Adam> to a program can possibly cause it to crash or jump to memory
Adam> locations that aren't part of its code? (i.e. buffer overflows,
Adam> stack-busting). By crash, I mean something beyond an uncaught
Adam> exception.

In theory this is the case.

In practice, I think gcj-generated code is safe (barring unknown
bugs).  However, nobody has done an audit of libgcj.  There may well
be problems in the C++ code.  We try not to introduce them, but of
course it is hard to be 100% certain.

If you find any holes along these lines, they are bugs and should be
reported (and fixed).

Note that libgcj doesn't yet fully conform to Java's security model.
We don't really support having a SecurityManager.  Also, we never
throw StackOverflowError -- instead you might see a crash.  These two
things have been on the to-do list for years.  Unfortunately,
implementing them isn't trivial.

Tom

