Java and Memory Protections
Posted Nov 22, 2006 16:18 UTC (Wed) by NAR
In reply to: Java and Memory Protections
Parent article: Virtual Machines and Memory Protections
The security problem won't anyway be fixed by PaX or SELinux. Any language providing an eval function will have this type of problem, just at a higher level.
Yes, consider this bash code:
Y="m -f /"
If the values of X and Y are not hardcoded, but come from the untrusted input, then it's a problem. That's why things like the -T option of perl got invented - I wonder if other languages/VMs have options like this.
to post comments)