by baybal2 2945 days ago
>But perhaps the stack machine was chosen because it tends to produce smaller binaries (which is important for things you send over the net) and not for security reasons?

Who knows what was in their heads, but stack-level attacks are as easy as exploiting unsafe type casting in anything that amounts to a stack pointer.

My guess as to why they chose to do it that way is simply because there is more literature available for mid-tier coders in the style of "VMs for dummies", and they wanted to always have the option not to do extensive research on every small matter, and just copy the JVM's behaviour.

1 comments

The stack in a stack-based VM does not refer to the real stack that contains return pointers that can be manipulated. You don't have access to that from WebAssembly.

The security problems of Java are not related to it being a stack-based VM at all. The problems are that the API lets applets do things they shouldn't be able to, and arbitrary code execution during serialisation.
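
The distinction drawn in the reply above, as an added example that is not part of the thread: WebAssembly's operand stack is type-checked by the validator before any code runs, so a function that underflows it, leaves extra values on it, or mixes value types is rejected at load time. The module bytes are hand-assembled for this illustration, and `buildModule`, `CASES`, `check` and `run` are hypothetical names.

```javascript
// Added illustration, not from the thread. Hand-assembles a minimal
// WebAssembly module exporting one function "f" of type () -> i32.
function buildModule(instrs) {
  const body = [0x00, ...instrs, 0x0b];        // no locals, instructions, end
  const code = [0x01, body.length, ...body];   // vector of one function body
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm", version 1
    0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,       // type section: () -> i32
    0x03, 0x02, 0x01, 0x00,                         // function section: func 0 has type 0
    0x07, 0x05, 0x01, 0x01, 0x66, 0x00, 0x00,       // export section: "f" = func 0
    0x0a, code.length, ...code,                     // code section
  ]);
}

const I32_CONST = 0x41, F32_CONST = 0x43, I32_ADD = 0x6a;

// Constructed function bodies, one per operand-stack condition.
const CASES = {
  // push 1, push 2, add: exactly one i32 is left for the declared result
  balanced: [I32_CONST, 1, I32_CONST, 2, I32_ADD],
  // add needs two operands but only one was pushed
  underflow: [I32_CONST, 1, I32_ADD],
  // two values remain at "end" although the type declares one result
  leftover: [I32_CONST, 1, I32_CONST, 2],
  // i32.add applied to an i32 and an f32 (0.0): operand types do not match
  typeMix: [I32_CONST, 1, F32_CONST, 0, 0, 0, 0, I32_ADD],
};

// True when the engine's validator accepts the module; nothing is executed.
function check(name) {
  return WebAssembly.validate(buildModule(CASES[name]));
}

// Compiles and runs the case; throws WebAssembly.CompileError when invalid.
function run(name) {
  const mod = new WebAssembly.Module(buildModule(CASES[name]));
  return new WebAssembly.Instance(mod).exports.f();
}

for (const name of Object.keys(CASES)) {
  console.log(name, check(name) ? "accepted" : "rejected by validator");
}
```

The operand stack here never appears as addressable bytes: the rejected bodies fail during validation, before any instruction of the module runs.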