Security Improvements in JDK 1.4.1 Beta

by Todd Sundsted

July 11, 2002 —

The recently released beta of Sun's JDK, version 1.4.1, contains a
surprising number of improvements for a point release. Quite a number of
these improvements are either directly or indirectly security related.

The improvements begin with changes to the Java compiler (javac). In
several cases, previous versions of Sun's Java compiler failed to check
for null references when they occurred in certain infrequently
encountered expressions. The compiler also allowed language constructs
that were not permitted by the language specification. It is important
to correct problems like these because flaws in the language
implementation have been used in the past to undermine platform and
application security.

Three new security tools were added to this release of the JDK. The JDK
now includes kinit, klist, and ktab -- three tools that help users
operate in a Kerberos environment. Kinit allows users to obtain Kerberos
tickets, klist allows users to list entries in their credential cache
and key table, and ktab allows users to manage entries in their key
table.

The Java HotSpot virtual machine now includes a deadlock detector that
detects certain kinds of application deadlocks. The deadlock detector is
invoked manually with a special keypress and reports on the state of the
virtual machine.

Version 1.4.1 also fixes a handful of issues with Sun's reference
implementation of SSL in the JSSE -- primarily with regard to
interoperability with implementations from other vendors and with
previous implementations from Sun.

All in all, the final release of JDK 1.4.1 is shaping up to be one of
the best ever.

ITworld