[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Moving system properties to gnu.classpath.*
From: |
Jeroen Frijters |
Subject: |
RE: Moving system properties to gnu.classpath.* |
Date: |
Tue, 12 Oct 2004 08:54:37 +0200 |
David Holmes wrote:
> This seems to be a fairly critical part of the classloader security
> architecture that is simply not documented. This makes it
> rather difficult to know how it is supposed to be implemented.
It looks more like a hack to me, but it seems to do exactly what I want,
so I'm not complaining.
> > It isn't trivial without creating your own class loader (which is a
> > privileged operation).
>
> True, but the createClassloader permission is not supposed to imply
> accessPackage.* permission, but that is what could occur.
> This might be a small crack inside the vault but it is still a crack
> that should not be there. Much of the security architecture talks
about
> malicious classloaders, but you are implying that all classloaders are
> trustworthy.
True, but in reality I've never seen any evidence (or even suggestions)
that creating a class loader is safe on any VM (in fact, the Sun 1.4 VM
allows a custom class loader to redefine java.lang.Object and crash the
VM).
Regards,
Jeroen
- RE: Moving system properties to gnu.classpath.*, (continued)
- RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/11
- RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/11
- RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/11
- Re: Moving system properties to gnu.classpath.*, Archie Cobbs, 2004/10/11
- RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/11
- Re: Moving system properties to gnu.classpath.*, Archie Cobbs, 2004/10/11
- RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/11
- Re: Moving system properties to gnu.classpath.*, Archie Cobbs, 2004/10/12
RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/11
RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
RE: Moving system properties to gnu.classpath.*,
Jeroen Frijters <=
RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12