Re: gnu.java.nio.FileChannelImpl

[Michael Koch]

Am Freitag, 26. November 2004 09:27 schrieb Jeroen Frijters:
> Michael Koch wrote:
> > Yes, such stuff can be done as optimization. But we have to do
> > this carefully. We have to make sure this can be exploited by bad
> > code. I would guess the current code can be exploited. I need to
> > write some applets to test this.
>
> This is why we should start using the security infrastructure to
> prevent untrusted code from accessing the gnu.* classes. I know you
> didn't like this idea, but it really is a sound idea (Sun uses it
> too) and will allow some nice other optimizations as well.

Did I said I don't like it ?

I read some interesting paper from Marc Schoenefeld latetly about how 
he exploited bugs in SUNs JDK. He has written some tool that uses 
reflection to test public constructors and methods in sun.* packages. 
We should really make this impossible. Limiting access to some 
packages in gnu.* namespace (not all) is a good idea. E.g. 
gnu.java.nio.* should be restricted, gnu.regexp.* not. This 
restriction should allow access from java.io, java.nio, java.lang, 
java.net, etc. but not from non-standard packages like java.foobar.
And we have to somehow make sure malicious code can not introduce 
classes into the standard packages.


Michael
-- 
Homepage: http://www.worldforge.org/