Date: Wed, 22 Oct 1997 18:09:26 -0700
Message-Id: <199710230109.SAA01371@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: Ravindra Rao <rnr@hpcf.cc.utexas.edu>
Subject: Re: Confusing the JVM about types
In-Reply-To: Ravindra Rao's mail of Wed, 22 October, 1997
Hi Ravi,
The problem you described, that an evil classloader can cause type
confusion (in JDK1.1.x), is a known problem for sometime (and one of
the primary reason why untrusted code are not allowed to create
classloaders). Researcher at Princeton, Bell Labs, and Sun have all
proposed addition protection against evil classloaders. We will run
your case against some of the techniques we are testing and let you
know how things go.
Thanks for sending us the material. By the way, some of us will
attend the Monterrey conference, so we could chat more there.
Best regards,
Li
-- Li Gong, PhD Java Security Architect and Senior Engineering Manager JavaSoft, Sun Microsystems, Cupertino, California, USA Email: gong@eng.sun.com Web: http://java.sun.com/people/gong Tel: 408-343-1825 and Fax: 408-343-1993