RE: Small ZipFile patch
From: Jeroen Frijters
Subject: RE: Small ZipFile patch
Date: Wed, 5 Mar 2003 09:18:27 +0100
Tom Tromey wrote:
> Jeroen> Another interesting trick with the finalizer is creating
> Jeroen> instances of classes that have a private constructor! The
> Jeroen> attached runtime.j creates an instance of (a subclass of)
> Jeroen> java.lang.Runtime.
>
> Interesting test case.
>
> With gij this prints `null', but that's probably because the GC and
> finalization don't actually occur.
>
> Jeroen> It could be considered a bug in Sun's verifier that it allows
> Jeroen> a class without a constructor, what do the other VMs do with
> Jeroen> this code?
>
> Both Sun 1.4 and IBM 1.3 print a non-null `runtime' object.
>
> Have you read this?
>
> http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
Not sure. I have the pdf sitting on my desktop, so either I did or I'm
planning to ;-)
> It seems like your technique could be also used to circumvent the
> security check in the ClassLoader constructor.
>
>
> I wonder what Sun has to say about this.
Sun's ClassLoader has a hack that prevents this from being exploitable:
http://www.securingjava.com/chapter-five/chapter-five-8.html
Regards,
Jeroen
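
Added example, not part of the original message and not Sun's code: an initialized-flag guard that rejects use of an instance whose constructor never completed, assumed here to be the kind of safeguard the reply refers to. All class and method names are hypothetical, and the partially constructed instance is obtained through a throwing constructor in plain Java rather than the hand-written class file discussed in the thread.

```java
public class InitGuardDemo {
    static class Guarded {
        private boolean initialized;   // stays false unless the constructor runs to the end

        Guarded(boolean callerAllowed) {
            if (!callerAllowed) {
                throw new SecurityException("creation denied");
            }
            initialized = true;        // last statement: set only after every check passed
        }

        private void check() {
            if (!initialized) {
                throw new SecurityException("object not initialized");
            }
        }

        String sensitiveOperation() {
            check();                   // every sensitive entry point starts with the guard
            return "done";
        }
    }

    // Test stand-in for untrusted code: its finalizer keeps a reference to an
    // instance whose superclass constructor threw.
    static class Probe extends Guarded {
        static volatile Guarded leaked;
        Probe() { super(false); }
        @Override protected void finalize() { leaked = this; }
    }

    public static void main(String[] args) throws Exception {
        try { new Probe(); } catch (SecurityException expected) { /* constructor refused */ }
        // Finalization is not guaranteed to run; retry a bounded number of times.
        for (int i = 0; i < 50 && Probe.leaked == null; i++) {
            System.gc();
            System.runFinalization();
            Thread.sleep(20);
        }
        if (Probe.leaked == null) {
            System.out.println("finalizer did not run on this VM; nothing to check");
            return;
        }
        try {
            Probe.leaked.sensitiveOperation();
            System.out.println("guard missing: uninitialized object was usable");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Declaring the guarded class `final`, or giving it an empty `final` `finalize()` method, closes the same hole by preventing a subclass from supplying a finalizer at all.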