[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Small ZipFile patch
From: |
Tom Tromey |
Subject: |
Re: Small ZipFile patch |
Date: |
04 Mar 2003 17:47:56 -0700 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
>>>>> "Jeroen" == Jeroen Frijters <address@hidden> writes:
Jeroen> Another interesting trick with the finalizer is creating
Jeroen> instances of classes that have a private constructor! The
Jeroen> attached runtime.j creates an instance of (a subclass of)
Jeroen> java.lang.Runtime.
Interesting test case.
With gij this prints `null', but that's probably because the GC and
finalization don't actually occur.
Jeroen> It could be considered a bug in Sun's verifier that it allows
Jeroen> a class without a constructor, what do the other VMs do with
Jeroen> this code?
Both Sun 1.4 and IBM 1.3 print a non-null `runtime' object.
Have you read this?
http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
It seems like your technique could be also used to circumvent the
security check in the ClassLoader constructor.
I wonder what Sun has to say about this.
Tom
- Re: Small ZipFile patch, (continued)
- Re: Small ZipFile patch, Tom Tromey, 2003/03/04
- Re: Small ZipFile patch, Mark Wielaard, 2003/03/04
- RE: Small ZipFile patch, Jeroen Frijters, 2003/03/04
- RE: Small ZipFile patch, Jeroen Frijters, 2003/03/04
- RE: Small ZipFile patch, Jeroen Frijters, 2003/03/04
- RE: Small ZipFile patch, Jeroen Frijters, 2003/03/04
- Re: Small ZipFile patch,
Tom Tromey <=
- RE: Small ZipFile patch, Jeroen Frijters, 2003/03/05