Message-Id: <3.0.32.19970604162119.0093da40@mail.cs.princeton.edu>
Date: Wed, 04 Jun 1997 16:21:48 -0400
To: Marianne Mueller <mrm@Eng>
From: Edward Felten <felten@CS.Princeton.EDU>
Subject: Re: New(?) bytecode verification weakness
Brian's and Sean's comments illustrate a problem we often worry about: the
number of "quirks" in the Java language and implementation. Many of the
security breaches we've seen exploited a combination of apparently
unrelated quirks, each of which seemed relatively harmless when viewed by
itself. Life is so much simpler when the rules that are enforced are the
same as the official written rules.