public inbox for java-prs@sourceware.org
help / color / mirror / Atom feed
* [Bug libgcj/9250] runtime should only use non-visible locks
[not found] <bug-9250-360@http.gcc.gnu.org/bugzilla/>
@ 2005-11-17 17:38 ` mckinlay at redhat dot com
2006-03-29 17:52 ` tromey at gcc dot gnu dot org
2006-03-29 18:14 ` mark at gcc dot gnu dot org
2 siblings, 0 replies; 3+ messages in thread
From: mckinlay at redhat dot com @ 2005-11-17 17:38 UTC (permalink / raw)
To: java-prs
------- Comment #4 from mckinlay at redhat dot com 2005-11-17 17:38 -------
I'm curious whether other Java implementations do this - my guess is no, since
some of these locks are mandated by the spec (during class initialization, for
example), so it seems that denial-of-service attacks would always be possible.
Its my understanding that the Java security model is not really designed or
intended to guard against DOS attacks.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=9250
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libgcj/9250] runtime should only use non-visible locks
[not found] <bug-9250-360@http.gcc.gnu.org/bugzilla/>
2005-11-17 17:38 ` [Bug libgcj/9250] runtime should only use non-visible locks mckinlay at redhat dot com
@ 2006-03-29 17:52 ` tromey at gcc dot gnu dot org
2006-03-29 18:14 ` mark at gcc dot gnu dot org
2 siblings, 0 replies; 3+ messages in thread
From: tromey at gcc dot gnu dot org @ 2006-03-29 17:52 UTC (permalink / raw)
To: java-prs
------- Comment #5 from tromey at gcc dot gnu dot org 2006-03-29 17:52 -------
I now agree with comment #4.
I don't think this is a bug.
--
tromey at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=9250
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libgcj/9250] runtime should only use non-visible locks
[not found] <bug-9250-360@http.gcc.gnu.org/bugzilla/>
2005-11-17 17:38 ` [Bug libgcj/9250] runtime should only use non-visible locks mckinlay at redhat dot com
2006-03-29 17:52 ` tromey at gcc dot gnu dot org
@ 2006-03-29 18:14 ` mark at gcc dot gnu dot org
2 siblings, 0 replies; 3+ messages in thread
From: mark at gcc dot gnu dot org @ 2006-03-29 18:14 UTC (permalink / raw)
To: java-prs
------- Comment #6 from mark at gcc dot gnu dot org 2006-03-29 18:14 -------
TYhis bug is now closed but I wanted to add the following link for the
archives. A couple of these denial of service attacks by taking locks were in
the examples of Sascha's GNU Classpath Security talk at Fosdem 2004:
http://www.brawer.ch/articles/classpathSecurity/
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=9250
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-03-29 18:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-9250-360@http.gcc.gnu.org/bugzilla/>
2005-11-17 17:38 ` [Bug libgcj/9250] runtime should only use non-visible locks mckinlay at redhat dot com
2006-03-29 17:52 ` tromey at gcc dot gnu dot org
2006-03-29 18:14 ` mark at gcc dot gnu dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).