[rc5] V3 Questions and Concerns
gindrup at okway.okstate.edu
Mon Oct 27 16:11:07 EST 1997
Although true that Java cores are not as high-performance as native
cores, the extra security is likely to draw in people who would not be
comfortable downloading "strange" software to run unsupervised. This
would increase the effectiveness of the Effort.
The only remaining technical difficulty for me is: can an unsecured
Java GUI/network interface dynamically create a Java sandbox into
which to download and run an (untrusted) Java core? I know how to put
them both in the same untrusted sandbox and how to put them both in an
unsecured environment, but not how to mix the two. Being able to mix
would allow the trusted Java client to run trusted native cores.
There are a whole bunch of reasons that this is a good thing and
the only reason I've really heard opposing it is that the Java
performance isn't good enough. I counter, though, that 0kps is
infinitely worse than 1kps.
And, a comment: *Most* OSs running the Bovine client have no way to
do what you mention. Wintel and MacOS boxes don't do this.
-- Eric Gindrup ! gindrup at Okway.okstate.edu
______________________________ Reply Separator _________________________________
Subject: Re: [rc5] V3 Questions and Concerns
Author: <rc5 at llamas.net > at SMTP
Date: 1997/10/24 12:11
This is certainly a serious problem. Much of the allure of Java is
that it allows this kind of thing (download and run random code)
securely. As has been shown, Java is not fast enough to be usable in
the distributed.net effort yet, so we have to do something else.
It's been said before but i'll say it again: There is no substitute
for having source code.
In most contemporary operating systems, there exist facilities for
running programs natively in a sandbox. For example, in Unix I can
create a special user ('distributed'), and run distributed.net clients
as that user in a nice'd, chroot'ed, setrusage'ed environment. The
client program can still run amok and freak out, but it's not going to
hurt my system, and I can just step in and kill it.
Perhaps it would be useful to develop and distribute a wrapper for
these clients that allows the administrator to configure the amount of
resources they are willing to part with.
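The setup described in this message (a dedicated unprivileged user, nice, chroot, per-resource limits) and the configurable wrapper it suggests, as an added example that is not part of the original post or of any distributed.net client. It assumes GNU coreutils `chroot --userspec`, a chroot directory at /var/sandbox/rc5 that already holds /bin/sh, the client binary and their shared libraries, and the SANDBOX_* variable names shown; all of these are hypothetical choices for illustration. The shell's `ulimit` builtin is the front end to setrlimit, which is what actually caps the process.

```shell
#!/bin/sh
# Added example (not the rc5 list's or distributed.net's code): run an untrusted
# native client as a dedicated low-privilege user inside a chroot, nice'd and
# resource-limited, with every budget set by the administrator.
# The account, chroot path and defaults below are assumptions for illustration.

# Administrator-tunable budget (override any of these from the environment).
: "${SANDBOX_USER:=distributed}"        # dedicated unprivileged account
: "${SANDBOX_ROOT:=/var/sandbox/rc5}"    # chroot holding /bin/sh, the client, its libs
: "${SANDBOX_NICE:=19}"                  # lowest CPU priority
: "${SANDBOX_CPU_SEC:=unlimited}"        # ulimit -t: CPU seconds per process
: "${SANDBOX_MEM_KB:=65536}"             # ulimit -v: address space in KB
: "${SANDBOX_FILE_KB:=10240}"            # ulimit -f: largest file it may write
: "${SANDBOX_NPROC:=4}"                  # ulimit -u: processes for that user

# Accept only an unsigned integer or the word "unlimited". Returns 0 if valid.
valid_limit() {
  case "$1" in
    unlimited) return 0 ;;
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Validate the whole budget before touching the system; names the first bad value.
check_config() {
  for pair in "CPU_SEC=$SANDBOX_CPU_SEC" "MEM_KB=$SANDBOX_MEM_KB" \
              "FILE_KB=$SANDBOX_FILE_KB" "NPROC=$SANDBOX_NPROC"; do
    name=${pair%%=*}; value=${pair#*=}
    valid_limit "$value" || { echo "bad value for SANDBOX_$name: '$value'" >&2; return 1; }
  done
  case "$SANDBOX_NICE" in ''|*[!0-9]*) echo "bad SANDBOX_NICE: '$SANDBOX_NICE'" >&2; return 1 ;; esac
  return 0
}

# The ulimit prefix run by the shell inside the chroot, already as the sandbox
# user. -H sets hard limits: an unprivileged process may lower them but can
# never raise them again, so the client cannot undo the budget.
limits_prefix() {
  printf 'ulimit -H -t %s && ulimit -H -v %s && ulimit -H -f %s && ulimit -H -u %s' \
    "$SANDBOX_CPU_SEC" "$SANDBOX_MEM_KB" "$SANDBOX_FILE_KB" "$SANDBOX_NPROC"
}

# Compose the full command for a client path as seen *inside* the chroot
# (e.g. /bin/rc5des). nice is applied before chroot and is inherited; chroot
# then drops to the sandbox user and runs the limit prefix plus exec.
build_cmd() {
  client=$1
  printf "nice -n %s chroot --userspec=%s %s /bin/sh -c '%s && exec %s'" \
    "$SANDBOX_NICE" "$SANDBOX_USER" "$SANDBOX_ROOT" "$(limits_prefix)" "$client"
}

# Refuse to run unless the config is sane and the chroot really holds what the
# command needs; then replace this shell with the sandboxed client.
run_sandboxed() {
  client=$1
  check_config || return 1
  [ "$(id -u)" -eq 0 ] || { echo "start as root: chroot needs it, then drops to $SANDBOX_USER" >&2; return 1; }
  [ -x "$SANDBOX_ROOT$client" ] || { echo "$client is not executable under $SANDBOX_ROOT" >&2; return 1; }
  [ -x "$SANDBOX_ROOT/bin/sh" ] || { echo "no /bin/sh inside $SANDBOX_ROOT" >&2; return 1; }
  cmd=$(build_cmd "$client")
  echo "running: $cmd" >&2
  eval "exec $cmd"
}

# Usage (hypothetical): SANDBOX_CLIENT=/bin/rc5des SANDBOX_MEM_KB=32768 sh sandbox.sh
if [ -n "${SANDBOX_CLIENT:-}" ]; then
  run_sandboxed "$SANDBOX_CLIENT"
fi
```

The wrapper prints the composed command before executing it so the administrator can see exactly which user, root and limits apply; if the client later misbehaves, it is confined to that account and can be killed without affecting the rest of the host. Note that the chroot must contain a working /bin/sh and the client's libraries, and that nothing here restricts network access, which the client legitimately needs.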
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.