RE: Moving system properties to gnu.classpath.*

classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Moving system properties to gnu.classpath.*

From:	Grzegorz B. Prokopski
Subject:	RE: Moving system properties to gnu.classpath.*
Date:	Wed, 13 Oct 2004 00:25:10 -0400

On Tue, 2004-10-12 at 11:38, Jeroen Frijters wrote:
> Archie Cobbs wrote:
> > Trying to fully understand... pardon my questions.. why is creating
> > a user-defined class loader not "safe"?
> 
> I don't know. In the history of Java there have been many security holes
> related to class loading, so I'm guessing it's just caution.
> 
> > Just because you load your own classes doesn't mean they aren't
> > subject to whatever SecurityManager is in place, right?
> > So how could they do anything not already allowed?
> 
> In theory you're right, but in practice the VMs probably have lots of
> bugs.
> 
> > Also, I thought the VM spec required java.lang.* could only be
> > loaded by the bootstrap loader. Do you have an example source file
> > that demonstrates this bug?
> 
> Attached.

I was curious what your code does...  Here's the output.

address@hidden:/tmp$ jikes-sablevm Crash.java
address@hidden:/tmp$ sablevm -Y Crash
java.lang.NullPointerException: Deprecated usage no longer supported.
   at java.lang.ClassLoader.defineClass (ClassLoader.java:622)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:586)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:561)
   at Crash.main (Crash.java:57)
   at java.lang.VirtualMachine.invokeMain (VirtualMachine.java)
   at java.lang.VirtualMachine.main (VirtualMachine.java:92)

address@hidden:/tmp$ kaffe Crash
java.lang.SecurityException: Prohibited package: java/lang/Object
   at java.lang.ClassLoader.defineClass0 (ClassLoader.java)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:180)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:172)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:163)
   at Crash.main (Crash.java:57)

Looks like nothing bad should happen.  Does it actually crash some JVMs?

Cheers,

                        Grzegorz B. Prokopski
-- 
Grzegorz B. Prokopski           <address@hidden>
SableVM - Free, LGPL'ed Java VM  http://sablevm.org
Why SableVM ?!?                  http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS   http://www.debian.org

[Prev in Thread]

Current Thread

[Next in Thread]

RE: Moving system properties to gnu.classpath.*, (continued)
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/11
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
  - Re: Moving system properties to gnu.classpath.*, Archie Cobbs, 2004/10/12
    - Re: Moving system properties to gnu.classpath.*, Andrew Haley, 2004/10/12
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
  - RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/12
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
  - Re: Moving system properties to gnu.classpath.*, Archie Cobbs, 2004/10/12
  - RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/12
  - RE: Moving system properties to gnu.classpath.*, Grzegorz B. Prokopski <=
    - RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/13
  - RE: Moving system properties to gnu.classpath.*, Grzegorz B. Prokopski, 2004/10/13
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/12
- RE: Moving system properties to gnu.classpath.*, Jeroen Frijters, 2004/10/13
  - RE: Moving system properties to gnu.classpath.*, David Holmes, 2004/10/13

Prev by Date: GregorianCalendar doesn't work with large +ve/-ve time values
Next by Date: RE: Moving system properties to gnu.classpath.*
Previous by thread: RE: Moving system properties to gnu.classpath.*
Next by thread: RE: Moving system properties to gnu.classpath.*
Index(es):
- Date
- Thread