[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Implementation details of VMStackWalker
From: |
Jeroen Frijters |
Subject: |
RE: Implementation details of VMStackWalker |
Date: |
Mon, 25 Jul 2005 11:42:24 +0200 |
Andrew Haley wrote:
> Of course, yes. But it's security issues that I'm concerned about
> here: what we want to know is the first caller of Foo.method() that is
> not Foo.
Not necessarily. Typically what's important is the supplier of the arguments to
the method. In the subclassing scenario, the subclass may be the one providing
the arguments (i.e. passing different values then it was passed), but it may
also be passing along the original values. If the subclasser is trusted but the
original caller isn't, you have a problem. Now granted, this is a coding error,
but I think it is facilitated by this too flexible model of walking the stack.
BTW, I'm not ruling out the need for this more flexible way of getting the
caller, I just want to make sure that this isn't the default and is used only
very cautiously.
Regards,
Jeroen
- RE: Implementation details of VMStackWalker, (continued)
- RE: Implementation details of VMStackWalker, Jeroen Frijters, 2005/07/25
- RE: Implementation details of VMStackWalker, Jeroen Frijters, 2005/07/25
- RE: Implementation details of VMStackWalker, Jeroen Frijters, 2005/07/25
- RE: Implementation details of VMStackWalker, Jeroen Frijters, 2005/07/25
- RE: Implementation details of VMStackWalker, Jeroen Frijters, 2005/07/25
- RE: Implementation details of VMStackWalker,
Jeroen Frijters <=