JNI Signal Chaining and OWASP (Security)
Andrew Haley
aph at redhat.com
Wed Apr 17 08:21:51 UTC 2019
On 4/16/19 1:22 PM, Florian Weimer wrote:
> Whether the alleged OWASP requirement makes any sense is a different
> matter, of course.
Well, yes, exactly. I'd like to know what the requirement is. I'm
concerned that legitimate techniques which people have been using for
years are declared insecure. Of course terribly risky practices should
be phased out, but some tools (e.g. libffi) have to jump through
extraordinary hoops to get around security restrictions. At its most
extreme, I wouldn't be surprised if some security expert declared JIT
compilation and interpreters insecure.
--
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
More information about the discuss mailing list