classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Moving system properties to gnu.classpath.*

From: Jeroen Frijters
Subject: RE: Moving system properties to gnu.classpath.*
Date: Mon, 11 Oct 2004 09:29:08 +0200 
David Holmes wrote:
> Hmmm. While I can see what SecurityManager.checkPackageAccess 
> is supposed to do, the ClassLoader.loadClass documentation makes no
> mention of this security check, consequently I can't tell if the
> security check occurs before or after checking if the class is
> already loaded or can be loaded by a parent.

Yeah, the documentation sucks, but how is this any different from any of
the other APIs ;-)

> Further, as loadClass is not final, and as the class to be loaded
> is actually loaded by a parent loader (ie the bootstrap loader)
> it would be trivial to avoid any security check defined in the
> loadClass method itself.

It isn't trivial without creating your own class loader (which is a
privileged operation). If you read the security bulletin I pointed to,
you'll see that Sun relies on this same mechanism to prevent access to
the sun.* package, so presumably it is intended to be secure.

> The only way this check could work reliably is if the VM 
> itself performs the check. But it seems to me that this is a very
> underspecified part of the security architecture - other than when
> invoked via the reflection method.
> Curiously I've been unable to find any information as to when
> checkPackageAccess should actually be invoked!

I hope you're not arguing that we shouldn't implement it, just because
it is underspecified?

Regards,
Jeroen
reply via email to
[Prev in Thread] Current Thread [Next in Thread]