classpath
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Small ZipFile patch


From: Jeroen Frijters
Subject: RE: Small ZipFile patch
Date: Wed, 5 Mar 2003 09:18:27 +0100

Tom Tromey wrote:
> Jeroen> Another interesting trick with the finalizer is creating
> Jeroen> instances of classes that have a private constructor! The
> Jeroen> attached runtime.j creates an instance of (a subclass of)
> Jeroen> java.lang.Runtime.
> 
> Interesting test case.
> 
> With gij this prints `null', but that's probably because the GC and
> finalization don't actually occur.
> 
> Jeroen> It could be considered a bug in Sun's verifier that it allows
> Jeroen> a class without a constructor, what do the other VMs do with
> Jeroen> this code?
> 
> Both Sun 1.4 and IBM 1.3 print a non-null `runtime' object.
> 
> Have you read this?
> 
> http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf

Not sure. I have the pdf sitting on my desktop, so either I did or I'm
planning to ;-)

> It seems like your technique could be also used to circumvent the
> security check in the ClassLoader constructor.
> 
> 
> I wonder what Sun has to say about this.

Sun's ClassLoader has a hack that prevents this from being exploitable:
http://www.securingjava.com/chapter-five/chapter-five-8.html

Regards,
Jeroen




reply via email to

[Prev in Thread] Current Thread [Next in Thread]