[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnu.java.nio.FileChannelImpl
From: |
Michael Koch |
Subject: |
Re: gnu.java.nio.FileChannelImpl |
Date: |
Fri, 26 Nov 2004 09:51:26 +0100 |
User-agent: |
KMail/1.6.2 |
Am Freitag, 26. November 2004 09:27 schrieb Jeroen Frijters:
> Michael Koch wrote:
> > Yes, such stuff can be done as optimization. But we have to do
> > this carefully. We have to make sure this can be exploited by bad
> > code. I would guess the current code can be exploited. I need to
> > write some applets to test this.
>
> This is why we should start using the security infrastructure to
> prevent untrusted code from accessing the gnu.* classes. I know you
> didn't like this idea, but it really is a sound idea (Sun uses it
> too) and will allow some nice other optimizations as well.
Did I said I don't like it ?
I read some interesting paper from Marc Schoenefeld latetly about how
he exploited bugs in SUNs JDK. He has written some tool that uses
reflection to test public constructors and methods in sun.* packages.
We should really make this impossible. Limiting access to some
packages in gnu.* namespace (not all) is a good idea. E.g.
gnu.java.nio.* should be restricted, gnu.regexp.* not. This
restriction should allow access from java.io, java.nio, java.lang,
java.net, etc. but not from non-standard packages like java.foobar.
And we have to somehow make sure malicious code can not introduce
classes into the standard packages.
Michael
--
Homepage: http://www.worldforge.org/
- Re: gnu.java.nio.FileChannelImpl, (continued)
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/25
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/25
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/25
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/25
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl,
Michael Koch <=
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26