[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Getting Fox News to work with Firefox



On Tue, 2007-01-23 at 11:01 -0500, taharka wrote:
> How do,
> 
> On Tue, 2007-01-23 at 17:57 +1030, Tim wrote:
> > On Mon, 2007-01-22 at 13:11 -0500, taharka wrote about Java, JavaScript
> > and ActiveX:
> > > All the three implement some kind of sandbox model, limiting the
> > > activities remote code can perform: e.g., sandboxed code shouldn't
> > > read/write your local hard disk nor interact with the underlying
> > > operative system or external applications.
> > 
> > I think special emphasis needs to be made about the "shouldn't" word in
> > that paragraph.  That's where much of the problems lay.
> 
> Yes, "shouldn't" doesn't mean it won't eh? :-(
> 
> > -- 
> > (Currently running FC4, in case that's important to the thread)
> > 
> > Don't send private replies to my address, the mailbox is ignored.
> > I read messages from the public lists.
> 
> taharka
> 
> Lexington, Kentucky U.S.A.
> 
By design, SUN Java doesn't represent much risk.  The original VM used
in Windows violated many of the restrictions, and was one of the reasons
for the acrimony between SUN and Microsoft that resulted in some legal
action.  Still, any programming language has limits to what can be
accomplished by any limits.  If the language supports objects and object
methods without restricting memory segment access between code and data,
then the ability to create the effect of a buffer overflow, then call
the method will result in access that is not desired.  After that, it
becomes a system and kernel control issue, which is one of the reasons
SELinux is so heavily embedded into the OS Kernel.

Regards,
Les H


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]