User: Password:
|
|
Subscribe / Log in / New account

New GNU Hurd, Mach, and MIG releases

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 21:52 UTC (Tue) by HelloWorld (guest, #56129)
In reply to: New GNU Hurd, Mach, and MIG releases by nix
Parent article: New GNU Hurd, Mach, and MIG releases

Most of Java's security issues are related either to unsafe code called via JNI or to JVM bugs concerning malicious class files. The first class of bugs of course also applies to C programs since C doesn't even try to be memory-safe. The second class of bugs is irrelevant for a kernel, because if you have the right to load code into the kernel the system is compromised anyway. So yes, Java programs are a lot more secure than C programs, occasional bugs notwithstanding.


(Log in to post comments)

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 23:44 UTC (Tue) by wahern (subscriber, #37304) [Link]

How do you go from describing the origin of bugs in Java-the-language-implementation to arguing that Java programs have fewer bugs than C programs?

PHP is "safer" than C in the same regards. Would you also argue that PHP programs tend to be safer and have fewer bugs than C programs?

I'm not at all sure that Java programs tend to be safer than C programs in 2013. Buffer overflows and stack smashing are pre-eminent in the C world precisely because many other classes of exploitable bugs are less prevalent, for many different reasons--engineer experience, typical usages, etc. C also tends to get more CVE reports precisely because historically has predominated in large, widely used programs that are under the microscope.

I'm not saying that Java programs are less secure. Maybe they're more secure. But the type of memory corruption possible with C is but one factor, and the potential for the same kind of corruption exists in all languages when executed on commodity hardware. And advances in mitigation techniques has narrowed the gap substantially in terms of the susceptibility to exploitable memory corruption.

New GNU Hurd, Mach, and MIG releases

Posted Oct 1, 2013 23:45 UTC (Tue) by wahern (subscriber, #37304) [Link]

I meant, "that Java programs have fewer security bugs (i.e. are 'safer') than C programs".

New GNU Hurd, Mach, and MIG releases

Posted Oct 2, 2013 1:00 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

PHP programs are in general far more secure than C-based ones. However, PHP itself is horrible for web development.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds