Geek Answers Handbook

Explaining java as a safe language?

Can someone please help me understand what the following attacks are and how java makes these attacks impossible:

  • exceeding the standard stack - a common attack of worms and viruses
  • memory corruption outside the process's own space
  • reading or writing files without permission.

I'm good at c / C ++ and starting with java, so please help me understand them.

+4
source share
3 answers

First of all, security issues are more a question than a language. Java imposes some security checks (border checks, etc.) that are optional (and very expensive at runtime) in C ++. Regarding your specific problems:

  • I guess this refers to the classic buffer overflow problem, which was often a problem in C. In C ++, we use std::vector , which can (and usually does, at least when the compiler has the correct options) do the same checks like Java. If, on the other hand, this refers to a stack overflow (for example, resulting in too deep recursion), then since the JVM stack is not a machine stack, Java can perform additional checks and also guarantee an exception from memory in case. (This is also possible in C ++, but I don’t know the compiler that does this. And operating systems do not always make it that simple.)

  • This is a problem with the OS, not a problem with the language. Modern OS does not allow programs to access memory outside their own process space, therefore, neither Java nor C ++ allow this.

  • As above, this is an OS problem, not a language problem, and a modern OS provides it relatively well, regardless of whether the program is written in Java or C ++.

Thus, both 2 and 3 are impossible, regardless of language and 1 will not occur in well-written C ++ (although this was a problem in the past with C).

+4
source

Java is a fairly safe language due to several reasons, mainly 3 points, Java is more secure than other languages, mainly because it executes bytecode instructions in its own virtual machine, rather than native code. It does not allow access to border boundaries and does not have access to pointers. This pretty much meets your first two points. As for reading and writing without permission, I'm not sure what you mean by that. By default, reading and writing files are controlled at the operating system level. Without any exploit, in order to get more permissions than necessary, no matter what language it is written in, the program cannot write or read files from which it is prohibited. If you mean, without permission from the point of view of the application, let's say a plug-in system, then you will need to study adding a security manager or your own testing to prevent changing modules or modules during your applications.

+5
source

Safety is a relative thing. Because Java runs in a virtual machine, it can protect it on its own for some of the classic problems observed in C.

routine stack overrun - common worm and virus attack

Java has a specific behavior when throwing a StackOverflowError, and you cannot get around this.

memory corruption outside the process's own space

IMHO, this is really an OS consideration. Your OS can protect your processes from changing the memory of other processes, even in C. Java protects you from the fact that I do not allow you to access local repositories, regardless of whether the OS provides this object or not. Most modern operating systems provide this protection.

reading or writing files without permission.

Again, your OS can protect you from this in C and should be your first line of defense. What Java does is you can run code that is not trusted and does not protect your files, even if you can access them, but do not let one of your programs access them. Java has two mechanisms: SecurityManager and AccessControl.

+4
source

More articles:


All Articles