On 24 March 2011 19:34, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
>
>
> On Tue, Mar 22, 2011 at 5:34 AM, Stéphane Ducasse
> <
stephane.ducasse@inria.fr> wrote:
>>
>> But why we could not have a byecode validator at the image level that
>> first make sure that byte code are in sync with the format of the objects.
>
> Because it can be compromised. An in-image verifier is subject to attack,
> and could be disabled by an attack that got past the in-image verifier
> before it got a chance to run. An in-VM verifier is not possible to
> side-step because it is the only way to execute code. So an in-VM verifier
> can be secure but an in-image one can't and so is pointless.
>