Breaking all VMs, breaking all VMs...
Looks like XP Service Pack 2 could break a lot of products - like all JITTed systems (most Smalltalks, and most extant JVM's). Here's the relevant quote:
"Applications which perform dynamic code generation (such as Just-In-Time code generation) that do not explicitly mark generated code with Execute permission might have compatibility issues with execution protection." The company is supplying specific instructions and code samples to explain the implications of the changes for application developers.
It's actually quite brilliant. I's a great way to take a shot at Java while standing innocently and saying "who, me?" You have to give points for the audacity alone. Here's the best part, from the MS page referenced above:
Some application behaviors are expected to be incompatible with execution protection. Applications which perform dynamic code generation (such as Just-In-Time code generation) that do not explicitly mark generated code with Execute permission might have compatibility issues with execution protection. Windows .NET Framework applications do not currently mark generated code with Execute permissions. XPSP2 recognizes the current, shipped versions of .NET Framework and runs them with NX off. Therefore existing .NET applications will continue to run. Microsoft is enhancing the .NET Framework to take advantage of NX and will ship service packs for each of the shipped versions in the XP SP2 RTM timeframe. The .NET Framework "Whidbey" will innately support NX.
Wow. So .NET gets a pass, and the rest of us get to suck eggs. This will be fun...
Comments
freeform goodness
[d.w.] March 5, 2004 22:54:33.432
Wow, that's nervy.
But probably a good thing
[Steve Wart] March 6, 2004 7:42:17.141
It will go a long way to resolving buffer overflows. As it sits now, there's no way to tell the difference between memory set aside by a JIT VM and some unprotected C string.
Now what about the magic of NX support? Provided the vendors are responsive, they should be okay. But as usual, it is the average user who will be hit by this. Will apps just stop working once SP2 is installed? Or will a nice dialog appear saying that "visual.exe (or java.exe) attempted to violate the DCMA Act, McVeigh and Bin Laden vs. Ashcroft, and may also be attempting to violate the US Constitution. Please uninstall this software to protect yourself from liability from any washed up software vendors who have cast themselves against the shoals of the mighty White Tower of Redmond and bow down before the all-seeing Eye."
But wait!
[Steve Wart] March 6, 2004 7:55:07.606
There's more...
If .NET is running with NX turned off, then it won't obtain any of the benefits anyhow. Why is it easier for the .NET people to force the SP2 guys to compromise the security model of a critically important SECURITY update? Are internal MS politics so bogus? It's not even like the CLR is a REVENUE product; you download it for free! So there can be no business reason for this, only politics. Why not force a .NET upgrade to go along with SP2?
And .NET is not bullet-proof. My first C# program had a class that implemented it's own ToString() method. Guess what? I'm used to 1-origin indexing, so I did something like this:
public override string ToString() { return String.Format("{1}: {2} {3}", this.foo, this.bar, this.baz); }Guess what? Not only did the CLR crash, it destablised XP and I had to reboot. Sure, stupid programer tricks. But this is EXACTLY why I abandonded Mac programming in 1996 and went to Windows NT. The OS should NOT crash! No matter how stupid programmers get.
Untitled
[Carl Gundel] March 6, 2004 20:26:31.716
When is SP2 out? Now? A month? Next year?
Note to MS: Linux/Max look even better now, especially for java developers
[Kevin] March 7, 2004 2:35:08.307
Hey, this is great news! With the flurry of countries and tons of US business all moving off of MS crap products and to linux, and Java being the #1 development platform on Windows (and #2 behind C on linux) and #1 for Mac as well, I can only imagine the effect this will have on those businesses teetering on whether or not to go MS or linux. Easy choice now. Especially with the 2.6 kernel being ready be mid year or so in popular distributions. Right on MS, way to go. Once again your internal political moves will screw you in the end. I look forward to this update breaking a LOT of java apps, so that a large number of them will realize this is the last straw and move off of Windows as they are tired of all the crap.