Re: window of vulnerability
- From: "Chris Uppal" <chris.uppal@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 28 Feb 2007 12:42:15 -0000
mei wrote:
> Would it be possible to "attack" a third-party
> class (whose code wouldn't be modifiable) by running a concurrent thread
> that would exploit a window of vulnerability?
If it was possible then that would be because of a bug in the third-party
class. Java provides all the tools you need to ensure that you don't leave any
thread-related holes (either for security or just for safety). But that
doesn't mean that all classes /will/ be safe -- anyone can write buggy code,
and multi-threaded code is notoriously difficult to get right.
But there is also a wider sense in which malicious code could exploit a "window
of opportunity", not specifically about threading issues (and not specific to
Java either), if the application isn't carefully designed. There are all sorts
of possibilities there, but each one is about finding some loophole in the
application design. One large category of attacks focuses on temporary files
which some applications use to pass information between programs. If the
designer isn't careful, then there may be a chance for someone else to
substitute their own data. You can check Google for
"temporary file vulnerability"
Note that very few or none of the hits mention Java, although the same problems
/could/ occur in Java.
-- chris
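
The temporary-file hand-off problem mentioned in the post above, sketched in Java as an added example (it is not part of the original post or thread). The class name `TempFileHandoff`, the file name `app-handoff.tmp` and the sample data are hypothetical; the code uses the `java.nio.file` API (Java 7 and later) and shows a check-then-use write beside an atomically created, owner-only file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;

public class TempFileHandoff {

    // Weak: a fixed, guessable name in a shared directory, and a gap between
    // the existence check and the write. Whatever sits at that path when the
    // write happens (including a symbolic link) is followed and reused.
    static Path writeWeak(Path sharedDir, byte[] data) throws IOException {
        Path p = sharedDir.resolve("app-handoff.tmp"); // hypothetical name
        if (Files.exists(p)) {
            Files.delete(p);          // check ...
        }
        Files.write(p, data);         // ... then use: the two steps are not atomic
        return p;
    }

    // Hardened: the JDK picks an unpredictable name and creates the file
    // atomically, never reusing a path that already exists. Where the file
    // system supports POSIX permissions, only the owner can read or write it.
    static Path writeHardened(Path dir, byte[] data) throws IOException {
        boolean posix = FileSystems.getDefault()
                .supportedFileAttributeViews().contains("posix");
        FileAttribute<?>[] attrs = posix
                ? new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")) }
                : new FileAttribute<?>[0];
        Path p = Files.createTempFile(dir, "app-", ".tmp", attrs);
        Files.write(p, data, StandardOpenOption.WRITE); // WRITE only: file must exist
        return p;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox directory standing in for a shared temp directory.
        Path dir = Files.createTempDirectory("handoff-demo");
        byte[] msg = "order=42".getBytes(StandardCharsets.UTF_8); // constructed sample
        System.out.println("weak:     " + writeWeak(dir, msg).getFileName());
        System.out.println("hardened: " + writeHardened(dir, msg).getFileName());
        System.out.println("hardened: " + writeHardened(dir, msg).getFileName());
    }
}
```

The hardened path still has to be passed to the consuming program over a channel the other party cannot tamper with, since the name is no longer fixed.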