HotJava and threads: a bug?

Vesna Hassler (hassler@infosys.tuwien.ac.at)
Thu, 10 Sep 1998 18:01:00 +0200

Hi,

I don't know if it has already been discovered, but
I found some bugs in the HotJava's thread monitor (related
to threads in HotJava in general). Here is a description:

With an applet called AppletGuard we could kill all threads from the
HotJava thread group, including the threads implementing the thread
monitoring mechanism (ThreadCountApplet and ThreadListApplet), and they
couldn=92t even be loaded again. We then tried to kill AppletGuard from t=
he
HotJava browser. However, although the HotJava thread monitor showed that
AppletGuard had been killed, it wasn=92t quite true, since we then killed=
the
HotJava monitoring threads by the same allegedly dead instance of AppletG=
uard.

You can download AppletGuard from
http://www.infosys.tuwien.ac.at/Courses/Results/Praktika/AppletGuard/ExtA=
G4/
AppletGuard2.html

We started to develop it about a year ago, and today I read that
the HotJava has something similar, so I was curious to try it.
AppletGuard uses some security bugs from the older versions of the Netsca=
pe
browser (2.x and 3.x). With HotJava it is generally impossible for
AppletGuard to access other applets' threads, except the threads from the
HotJava thread group.

Please send all responses to hassler@infosys.tuwien.ac.at, I'm
not in the mailing list.

Vesna