[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: java.util.ResourceBundle bug?
From: |
Mark Wielaard |
Subject: |
Re: java.util.ResourceBundle bug? |
Date: |
Sat, 3 Nov 2001 15:36:25 +0100 |
User-agent: |
Mutt/1.3.23i |
Hi,
On Sat, Nov 03, 2001 at 06:42:26PM +1300, Bryce McKinlay wrote:
> Tom Tromey wrote:
>
> >Perhaps for certain methods this is necessary for VM security. In
> >this particular case I doubt it matters. Is there an exploit
> >available if you can find all the classes on the stack?
>
> I think you can override SecurityManager and call it without any
> restrictions anyway.
Yes you can, IF you have permission to actually create a SecurityManager.
(Note that our current implementation of the SecurityManger constructor
follows the old 1.1 semantics.) But this also seems to solve your problem.
Just create a package local subclass of SecurityManager in java.util
that can (only) be used by classes in java.util. Something like:
package java.util;
import java.security.*;
/** Package private SecurityManager for use by java.util code. */
class UtilManager extends SecurityManager
{
private static final UtilManger instance = newInstance();
private UtilManager() { }
private static UtilManager newInstance()
{
// Save because it can only be called through java.util code.
// Will always work since java.util classes have (all) system permissions.
UtilManager manager = (UtilManager) AccessController.doPrivileged
(
new PrivilegedAction()
{
public Object run()
{
return new UtilManager();
}
}
);
return manager;
}
/**
* Should precisely define what is element 0 till n.
* Note package access.
*/
static Class[] utilClassContext()
{
return instance.getClassContext();
}
}
Note that the above code is not tested (I did not even try to compile it).
Cheers,
Mark
--
Stuff to read:
<http://www.toad.com/gnu/whatswrong.html>
What's Wrong with Copy Protection, by John Gilmore
- Re: java.util.ResourceBundle bug?, Bryce McKinlay, 2001/11/02
- Re: java.util.ResourceBundle bug?, Tom Tromey, 2001/11/02
- Re: java.util.ResourceBundle bug?, Bryce McKinlay, 2001/11/03
- Re: java.util.ResourceBundle bug?,
Mark Wielaard <=
- Re: java.util.ResourceBundle bug?, Bryce McKinlay, 2001/11/03
- Re: java.util.ResourceBundle bug?, Mark Wielaard, 2001/11/04
- Re: java.util.ResourceBundle bug?, Brian Jones, 2001/11/04
- Re: java.util.ResourceBundle bug?, Bryce McKinlay, 2001/11/04
- Re: java.util.ResourceBundle bug?, Fred Gray, 2001/11/04
- Re: java.util.ResourceBundle bug?, Brian Jones, 2001/11/04
- Re: java.util.ResourceBundle bug?, Brian Jones, 2001/11/04
- Re: java.util.ResourceBundle bug?, Bryce McKinlay, 2001/11/04