Mon, 1 Mar 2004 08:59:12 +0100
On Monday, 1 March 2004 08:45, Johan Peeters wrote:
> at FOSDEM, we discussed how I might help to improve free Java's
> security. It seems to me that, for the edifice to be secure, the
> native layer's security is absolutely essential. I scanned the native
> directory with RATS (Rough Auditing Tool for Security -
> http://securesoftware.com) and found a few potential vulnerabilities,
> e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is
> this worth investigating further, or has it been covered?
No, this hasn't been covered yet in the past, but it's needed to get more
secure and find coding bugs. Please let us discuss your results of
running this tool. I will try to run the RATS software on libgcj too to
see how both compare in this (and libgcj is more important for my
plugin anyway ;-).
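
The following C sketch is an added example, not part of either mail and not taken from the project's native code: it puts the kind of call RATS reports for strcpy, sprintf, getenv and fprintf (as a constructed comment) next to a bounded form that rejects missing or oversized input. The function names `join_path`, `path_from_env` and `log_text` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the flagged call shapes (not compiled):
 *     strcpy(buf, getenv("HOME"));       // NULL deref or overflow
 *     sprintf(buf, "%s/%s", dir, name);  // unbounded write
 *     fprintf(stderr, msg);              // data used as format string
 */

/* Join dir and name into out. Returns 0 on success, -1 if an input is
 * missing/empty or the result would not fit (out is then set to ""). */
int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (dir == NULL || name == NULL || dir[0] == '\0' || name[0] == '\0')
        return -1;
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {   /* error or truncation */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* getenv() may return NULL, and its value is set by whoever started
 * the process, so it goes through the same bounded join. */
int path_from_env(char *out, size_t outsz, const char *var, const char *name)
{
    return join_path(out, outsz, getenv(var), name);
}

/* Untrusted text is passed as an argument, never as the format. */
int log_text(FILE *fp, const char *text)
{
    return fprintf(fp, "%s\n", text ? text : "(null)");
}

int main(void)
{
    char buf[16];
    if (path_from_env(buf, sizeof buf, "HOME", "lib") != 0)
        log_text(stderr, "HOME unset or path too long");
    else
        log_text(stdout, buf);
    return 0;
}
```

A RATS hit on one of these functions is a pointer to review the call site, not proof of a bug; whether the destination size and the source of the data are controlled decides that.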