Question: Safe extension language
Tom Tromey
tromey@cygnus.com
Thu Jun 29 17:43:00 GMT 2000

Luc> The way this would work is that users would submit their Java
Luc> code to our server, which would compile it into a DLL and
Luc> cryptographically sign it. The resulting executable could then be
Luc> safely used by other people, without fear that they're
Luc> downloading a malicious script.

I don't know if I'm ready to go quite that far. Our implementation
stubs out most of the security code. An evil Java program can
basically do anything in our implementation. It can also obscure its
actions by, e.g., deleting files using calls via reflection, etc.

There are also denial-of-service issues. E.g., a Java program can
create enough threads to clog the system.

Of course the risks are yours to assume. You could ameliorate them in
various ways, I guess.

Still, the idea is basically sound. You don't even have to make a DLL.
You could use the interpreter we provide. If it doesn't run on your
platform, all you need to do is port a small piece of libffi to enable
the interpreter. It currently works on x86 and IA-64; nobody has done
the other ports yet.

Luc> I'm quite new to Java and GCJ, so I'd really appreciate comments
Luc> on the above. Does it sound feasible? Is GCJ at this point stable
Luc> enough for this?

Stability is indeed a question. Since you control the tools you could
make sure to find a particularly good instance of the compiler and
simply freeze at that point.

Tom