Huge security hole in .NET: Java creator

Java creator James Gosling this week called Microsoft's decision to support C and C++ in the common language runtime in .NET one of the "biggest and most offensive mistakes that they could have made".

Gosling, who is currently CTO of Sun's Developer Products group, made the comments as part of his speech to developers at an event in Sydney earlier this week. He further commented that by including the two languages in Microsoft's software development platform, the company "has left open a security hole large enough to drive many, many large trucks through".

According to Gosling, the security hole is based upon the fact that several features of the older languages are ambivalent with regard to security: "C++ allowed you to do arbitrary casting, arbitrary adding of images and pointers, and converting them back and forth between pointers in a very, very unstructured way.

"If you look at the security model in Java and the reliability model, and a lot of things in the exception handling, they depend really critically on the fact that there is some integrity to the properties of objects. So if somebody gives you an object and says 'This is an image', then it is an image. It's not like a pointer to a stream, where it just casts an image," said Gosling.
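Gosling's "image versus stream" point, shown as an added C++ example that is not from the article or from either speaker: an unchecked conversion relabels a stream's bytes as an image, while a checked conversion refuses. `Image`, `Stream`, `Object` and the helper functions are constructed for illustration, and `memcpy` stands in for the raw pointer cast so the demo itself has defined behaviour.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed types for illustration: two unrelated 8-byte records.
struct Image  { std::uint32_t width;  std::uint32_t height; };
struct Stream { std::uint32_t handle; std::uint32_t offset; };
static_assert(sizeof(Image) == 8 && sizeof(Stream) == 8, "8-byte payloads assumed");

enum class Kind { Image, Stream };

// Runtime-typed object: the tag records what the payload really is.
struct Object {
    Kind kind;
    unsigned char payload[8];
};

Object make_image(Image v)   { Object o; o.kind = Kind::Image;  std::memcpy(o.payload, &v, sizeof v); return o; }
Object make_stream(Stream v) { Object o; o.kind = Kind::Stream; std::memcpy(o.payload, &v, sizeof v); return o; }

// Unchecked conversion: relabels the payload as an Image and never looks at
// the tag. This is the effect of an arbitrary pointer cast.
Image unchecked_as_image(const Object& o) {
    Image img;
    std::memcpy(&img, o.payload, sizeof img);
    return img;
}

// Checked conversion: succeeds only if the object really is an Image, which
// is the integrity property a type-safe runtime enforces on every cast.
bool checked_as_image(const Object& o, Image* out) {
    if (o.kind != Kind::Image) return false;
    std::memcpy(out, o.payload, sizeof *out);
    return true;
}

// A consumer that trusts its argument to be a real image (4 bytes per pixel).
std::uint64_t pixel_bytes(const Image& img) {
    return std::uint64_t(img.width) * img.height * 4;
}

int main() {
    Object s = make_stream(Stream{7u, 0x40000000u});
    Image img = {0u, 0u};
    std::printf("checked cast accepted: %d\n", checked_as_image(s, &img));
    std::printf("unchecked size: %llu bytes\n",
                (unsigned long long)pixel_bytes(unchecked_as_image(s)));
    return 0;
}
```

With the unchecked path, the stream's handle and offset are read as width and height, so code that relies on "this is an image" computes a size from values that were never image dimensions.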

Microsoft developer evangelist Charles Sterling didn't entirely disagree with Gosling's comments, but he sought to clarify the issue with .NET's security. Sterling pointed out that .NET defines different sorts of code. "Managed" code is code that is executed under the control of the .NET framework. New languages such as C# and Visual Basic.NET only produce managed code.

However, Gosling is concerned about "unsafe" code, which is produced by traditional languages like C and C++. Unsafe code is old code that does not strictly follow the rules of type safety that .NET defines, and this sort of code requires additional permissions to execute. According to Sterling, "you as a developer take it upon yourself" to utilise unsafe code in your .NET applications.

An important point is that the so-called unsafe code does have the potential to run faster than "managed" code due to some languages' ability to include machine-specific features that may sacrifice platform portability for speed. Sterling acknowledged this as he said that the choice between the two platforms is all about risk: if developers are willing to "accept the risk" of unsafe code then they may gain access to "the best performance system on the planet".

Sterling also gave the debate a reality check when asked about his personal knowledge of .NET developers actually implementing C or C++ code under a .NET framework. Of the approximately one thousand developers that Sterling knows, he could only recall one directly developing under the C++ code. Whether this indicates an unwillingness on the part of developers to utilise code that is unsafe is not clear.


Talkback

23 comments
  • Both .NET and Java are brain-damaged attempts to make incompetent programmers harmless, even if it results in delivering slow, bloated and generally low-quality software to customers.
    anonymous
  • Java suffers from the same problem.

    Anyone read sun's docs on calling native methods or doing JNI?

    Under .NET, there is a clear separation between safe and unsafe code.
    anonymous
  • Gosling either doesn't understand or doesn't want to admit that running C++ is not endangering the .NET CLR at all! C# already supports unsafe code. But whether it is C# unsafe code or C++ code, it can't run at all on a user's machine unless it is explicitly given full permissions to the user's system.

    Check out all the responses on Slashdot:
    http://it.slashdot.org/article.pl?sid=05/02/04/2139259&tid=172&tid=109&tid=108&tid=102&tid=1
    anonymous
  • Very interesting point, indeed.
    I would particularly like to point out that, although Mr. Sterling points out that only one in thousand developers is using one of those two languages, that person most probably is a Microsoft developer working on a Longhorn application that requires performance, such as IIS, for example.
    anonymous
  • No independent, industry accepted security standards or criteria are referenced by either Mr. Gosling or Mr. Sterling. Thus the credibility of the discourse between the two depends on who is the more credible industry celebrity. *cough* The reported claim and rebuttal are at best a childish "is to! is not!" argument and corporate sponsored FUD (fear, uncertainty, doubt) at worst. A real discussion would use criteria such as U.S. DoD security accreditation standards as a reference to assess the merits of Java's and .NET's security arguments.
    anonymous
  • As with any language and/or system - you can create safe or unsafe. As I see today's application developers (sorry) they better have a safe system to work. The times when applications and systems were strictly separated is gone (IMHO). I write comm. systems with assembler, C, C++, C#, Delphi, Python BUT the applications running on top of that layer ARE UNSAFE (independent what the system is) even if the applications developers are supposed to be good the comm. layer has to do all the work protecting the system - they (and their managers) have absolutely no idea what it takes to protect against any kind of memory overflow, unauthenticated connection, unauthorized access to some service, etc. A never ending story...
    anonymous
  • Ah ah! I can't believe it!
    Gosling lost every ounce of credibility he had left... If at least he understood what .Net is about.

    Come on James, go have a read! You're pathetic!
    anonymous
  • he must be complete brain dead.

    First off I code with C++ .net (I prefer C++ .net over C#), and I use unsafe code. Why, you ask?

    Because I know how to use it. I have been developing in C & C++ for a long time, so I know the 'ins' and 'outs' of the language.

    This isn't about the language, this is about getting Java more developers and publicity.
    anonymous
  • I see that there are many Microsoft developers among the readers.

    In the above comments I read things like "I'm a super good programmer, and therefore I don't make any mistakes that threaten security". To me that shows utter ignorance. Virus creators may also be "super good programmers".
    It should not be *possible* to write unsafe code. In fact, any such possibility must be considered a bug, because if the opportunity is there then someone will write code that exploits it.

    The Windows NT kernel was written to the OS/2 3.0 specification. The spec was very security-oriented, and the original kernel design (a micro-kernel) reflected that. But as Mr Sterling points out some people favour speed over security; compromises were made. The NT kernel now includes things like the graphical sub-system and some .NET components. The consequence? As we all know it is virtually impossible to create a reasonably safe installation of Windows NT/2000/XP. New patches every week! Viruses and worms. Global outages.

    For Java (and Linux, and Unix), the default is the safe mode. Any exception will have to be manually enabled by the guy with administrative privileges. For example, a Java applet does not, ever, allow JNI calls, unless the user specifically takes action to enable them.

    In the DOS days reliability was in the hands of the programmers. It should not be that way in the new century.
    anonymous
  • What the hell? Is this a joke? Are you seriously trying to defame .NET because of people who are stupid enough to still program in C++ and C?

    I don't think this should be a stab at .NET it should be a stab at C++ and C, but it gets redirected towards .NET some how?

    Honestly, this is almost as bad as a "Macintosh is more secure than windows" article.

    Don't post this garbage, ever.
    anonymous
  • Poor attempt of a java advertisement. You can make the same mistake using JNI. Case closed - time wasted.
    anonymous
  • Regarding the whole: MS added things to the kernel and therefore it is the cause of virii getting through:

    Uhm, which viruses and worms specifically? The majority of Windows worms and viruses come from a combination of unsafe ActiveX components and people running their boxes as Administrators. And more the latter than anything else.

    An exploited application (read: a worm you've downloaded, an activex component, or a buffer overrun attack) is generally only as powerful as the permissions given to the application. So, if you aren't running your box as Admin, hey, it can't attack the files in your system, most of the registry, and the Program Files folder.

    If you are going to ding Microsoft, pick your targets correctly.
    anonymous
  • I find it extremely hard to believe that the CTO of a UNIX provider only knows 1 programmer using C++. I know Solaris isn't written in Java.
    anonymous
  • James Gosling is right when he talks about "risk" but probably less so when he talks about "huge mistake".

    Writing device drivers and other low-level coding is still best done in C or C++. Microsoft had no choice but leave this option open. The industry will only be rid of such requirement when the entire stack of system components is built with embedded virtual machine primitives support. That's not likely to happen anytime soon, is it?

    Perhaps Gosling is trying to stimulate component vendors to build more Java-enabled devices. If you are running Java, there's always a platform-specific layer which eventually runs a non-managed code of some sort. Nobody can provide a 100% managed-code solution platform at this stage, not even Sun. How could Microsoft not support that in .Net?
    anonymous
  • Interoperability and performance demand C/C++.

    The performance difference between Java, C#, and so forth versus C/C++ is really not too bad, until it matters. When it really matters, you really want to manage your own memory and have the low level control that C/C++ offer you.

    Being able to program in C is also important for interoperability. Java, C#, Python, Ruby, they all have a way to connect to C because -- like it or not -- that's where the libraries are. If you want to write a program that can be used from any language, you provide C bindings, not COM, DCOM, CORBA, or whatever the latest trendy object model is. C is what everything can communicate with.
    anonymous
  • If you are a Small to Medium sized business and looking for a website to be developed or have an internal solution for billing etc. it is always better to go for PHP or Perl with Linux platform. It is very cheap to host your website which reduces your on-going costs. If you are expecting some integration and necessary to implement Web Services, use Java in the middle tier and PHP in the presentation layer to reduce the development time and get the considerable performance. If you have less than half a million customers and not expecting more than 10000 customers at a time using your website, no need to look at commercial solutions. For any professional advice or consultation to discuss your needs visit htttp://www.webanalytics.net.au
    anonymous
  • Risk Mitigation is the key.

    1 All companies need to slow down and define a global list of issues.

    2 They need to collaborate on all security matters in coding, conventions etc.

    It's just not good enough of an excuse to me for a developer to say there are literally millions of lines of code to search through.

    Get your acts together and create code that is as secure as possible before release.

    I personally am sick of trying to help users who are constantly invaded by java, dso threats and the like.

    It drives me mad that there are so many holes in people's code.
    anonymous
  • What does it mean? We should dismiss C++ or C or assembly because they are 'unsafe'?
    anonymous
  • Gosling should stop smoking crack. Or working in Java. Both are brain damaging beyond any hope of redemption. For a "Chief Technologist", showing how little he knows about his competitor is certainly not a smart move. Well, this is Darwinism at work. Soon, the old dinosaurs Sun, Gosling will go extinct. Good riddance.
    anonymous