Thursday, July 07, 2005

Crazy Idea for C and Java Gurus

update: An anonymous reader points me to Apache James and ApacheDS. Very cool!

I've been mulling this idea in my head for quite a few years now, and I'm pretty sure there are a bazillion people out there who've been mulling over the same idea for far longer, and likely have implemented it in many places, but since I'm too lazy/busy to google for it, I figured I'd just ask here, so people can educate me.

Many Unix daemons that run Internet services such as named/bind, smtpd/sendmail, etc, have for years been implemented and run in C. It makes sense, C is very fast, native to Unix and Linux. Many security issues over the years have been found and, thanks to the open-source process, plugged very fast. Some of those security issues have typically been "remote buffer overflow" exploits, allowing malicious attackers to gain access to those servers and compromise them at very low levels, often undetected.

Flash forward to Java and its virtual machine. Would it be conceivably decent to build Java implementations of most popular Unix daemons out there? I'm not looking to start a whole "Java is slower than C" flamewar here. I'm merely considering the fact that if a service runs from the Java Virtual Machine ... the worst that could be done against said service might be to crash the Virtual Machine it runs from, leaving the host machine un-compromised. There's a Java VM for just about anything that has a CPU out there, so deployment should be fairly trivial. Apache Tomcat is a successful example, used on many production systems to serve HTTP requests. So that covers your typical port 80. What about SMTP/25? POP/110? Hell, let's be crazy here, SMBD/135-139's been cracked *MANY* times.
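
The memory-safety argument above, as an added example (not from the original post or from any project it names): a toy SMTP command handler, with hypothetical class and method names, that repeats the unchecked-copy mistake behind classic remote buffer overflows and shows the JVM turning it into a catchable exception while the service keeps answering.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;

// Added illustration with hypothetical names; not code from Tomcat or any real daemon.
public class BoundsCheckedSmtpDemo {
    // RFC 5321 limits a command line to 512 octets including CRLF.
    static final int MAX_LINE = 512;

    // Copies the line into a fixed buffer with no length check. In C the extra
    // bytes would overwrite adjacent memory; the JVM checks every array store.
    static String parseVerb(byte[] line) {
        byte[] buf = new byte[MAX_LINE];
        for (int i = 0; i < line.length; i++) {
            buf[i] = line[i]; // throws ArrayIndexOutOfBoundsException at i == 512
        }
        String text = new String(buf, 0, line.length, StandardCharsets.US_ASCII).trim();
        int sp = text.indexOf(' ');
        return (sp < 0 ? text : text.substring(0, sp)).toUpperCase(Locale.ROOT);
    }

    // Per-connection handler: a failed request becomes an SMTP error reply
    // and the next request is served normally.
    static String handle(byte[] line) {
        try {
            switch (parseVerb(line)) {
                case "HELO": return "250 hello";
                case "NOOP": return "250 ok";
                default:     return "502 command not implemented";
            }
        } catch (ArrayIndexOutOfBoundsException e) {
            return "500 line too long";
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a normal command, an oversized one, a normal one.
        byte[] oversized = ("HELO " + "A".repeat(4096) + "\r\n").getBytes(StandardCharsets.US_ASCII);
        byte[][] requests = {
            "HELO client.example\r\n".getBytes(StandardCharsets.US_ASCII),
            oversized,
            "NOOP\r\n".getBytes(StandardCharsets.US_ASCII),
        };
        for (byte[] r : requests) {
            System.out.println(r.length + " bytes -> " + handle(r));
        }
    }
}
```

In a real handler the length check belongs before the copy; the point here is what the runtime does when that check is missing.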

While I understand such Java implementations would not be the kind of thing people would jump on to deploy on production systems, they might make for interesting "science projects"/case studies for industrious developers, and would help further test the limits of Java.

While the use of GCC on your platform of choice makes most daemons implemented in C pretty darned cross-platform, Java would obviously push this portability even further ... use the same .jar file ... maybe hack some cross-platform happiness into startup scripts (a-la, bickity-bam you're done? Things might get hairy when a daemon needs to access OS-specific features, such as local User information/permissions, likely making it harder to implement simple "drop-in" replacements, and instead requiring some re-architecture of host systems such as moving to LDAP-based user management, etc ... which might be a serious deterrent. Eeek.

I'll try and scour sourceforge for such projects. If I'm simply crazy/clueless, please do say so in comments >:D

1 comment:

Anonymous said...

Examples of services written purely in Java:
SMTP/POP3/NNTP: Apache James
LDAP: ApacheDS