[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security

From: Patrik Reali
Subject: Re: security
Date: Mon, 01 Mar 2004 10:59:05 +0100

Hi Johan,

thanks a lot for this report. It is obviously important to get those things right. Not every JVM uses those C routines (some like JNode and Jaos don't even have C available), but since the code is released, it should also be secure.


Patrik Reali

--On Montag, 1. März 2004 08:45 +0100 Johan Peeters <address@hidden> wrote:

at FOSDEM, we discussed how I might help to improve free Java's
security. It seems to me that, for the edifice to be secure, the
native layer's security is absolutely essential. I scanned the native
directory with RATS (Rough Auditing Tool for Security - and found a few potential vulnerabilities,
e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is
this worth investigating further, or has it been covered?


Johan Peeters bvba
software architecture services
tel:+32 16 64900

Classpath mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]