Sun's choice: Linux or Microsoft (was Re: Linux-Any Java development kits or books?

Sun's choice: Linux or Microsoft (was Re: Linux-Any Java development kits or books?

Post by Malcolm Beatt » Fri, 21 Jun 1996 04:00:00





>   >ALL Linux 2.0 does is recognise class files and run the java
>   >interpreter on them.  This is a tiny bit of code, and it basically
>   >means Java has the equivalent of the

>   >#!interpreter

>   This is the only intelligent way of supporting Java in the kernel.

>Actually, that's far from "the only intelligent way of supporting Java
>in the kernel".  Having a safe interpreter for Java directly in the
>kernel would be very useful in itself.  Currently, things like IP
>routing, user-defined file systems, and file system namespace
>manipulation are supported by a lot of special purpose code in the
>kernel.  If you could load executable code without having to worry
>about safety and security, those things could be both more efficient
>and more flexible.

For safety and security, the only kernel support needed is enough to
provide a reasonably virtualised machine. Linux ptrace(2) already
allows you to trap at each syscall entry and exit and the tracer can
then disallow unsafe syscalls. Opening files, network connections and
so on can be redirected by libc (or a library further up the preload
path than libc) and communicate with a manager process down an
already-open file descriptor. If it decides to let you open the file,
it sends the new file descriptor down the socket to you. So even
without additional kernel support, you can get a system in which you
can run any potentially-* binary that you like (whether that's
Java or not) and trap attempts to break out (and even go a long way
to avoiding some denial of service attacks). With the additional
kernel support of a per-process syscall mask you can do even better
(since ptrace mucks around with the process hierarchy a bit).

--Malcolm

--

Oxford University Computing Services
"Widget. It's got a widget. A lovely widget. A widget it has got." --Jack Dee

 
 
 

Sun's choice: Linux or Microsoft (was Re: Linux-Any Java development kits or books?

Post by Michael Elizabeth Chasta » Sat, 22 Jun 1996 04:00:00




> For safety and security, the only kernel support needed is enough to
> provide a reasonably virtualised machine. Linux ptrace(2) already
> allows you to trap at each syscall entry and exit and the tracer can
> then disallow unsafe syscalls.

This is an interesting idea.  I've used ptrace(2) to disable system
calls and spoof their return values.  Works great.

Imagine this:

    restricted-exec command args ...

where restricted-exec can be configured to deny whatever we think is
worth denying:

    open with arguments starting with '/'
    chdir, chroot
    link, unlink, symlink
    et cetera

Shared libraries are not a problem -- let the process load whatever
shared libraries it wants into its memory space.  It still has to make
sys calls to have effects on anything outside its memory space.

The performance penalty would be a little larger than running under
strace(1) today.

If anyone seriously pursues this, I'd be happy to chat with them.

Michael Chastain


 
 
 

1. Release of Sun(tm)'s Java(tm) Development Kit Beta 1.0 for Linux

I obtained the required files and have most things working
except:

The .java_wrapper script does not execute properly on
my RedHat Linux bash.  The line:

PRG=`which $0` >/dev/null 2>&1

does not execute the "which $0" command correctly.
An "echo $PRG" inserted after this line yields the
following upon execution of any of the symbolic links
to this file (./javac temp):

which: no ./javac in (/usr/local/bin:...etc...:/usr/local/java/bin)

Then:

dirname: too many arguments

So...it looks like a problem with bash to me.  Any similar
experiences or helpful comments?
--

2. AT&T automounter

3. java/47447: linux-sun-jdk1.4.1: java command can't find java.lang.Object

4. Segmentation fault causes extreme badness?

5. Java Development Kit for linux?

6. twm, Codemanager and FileMerge

7. Java Development Kit for Linux

8. SCCS

9. Java Development Kit for Linux ???

10. SUN'S JAVA: THE THREAT TO MICROSOFT IS REAL

11. Sun threatens to PULL THE PLUG on Microsoft's Java license.

12. O'Reilly pthreads book a good choice, w/ Linux?

13. Solved Netscape and Java Development Kit Problems