[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Implementation details of VMStackWalker

From: Jeroen Frijters
Subject: RE: Implementation details of VMStackWalker
Date: Mon, 25 Jul 2005 11:42:24 +0200

Andrew Haley wrote:
> Of course, yes.  But it's security issues that I'm concerned about
> here: what we want to know is the first caller of Foo.method() that is
> not Foo.

Not necessarily. Typically what's important is the supplier of the arguments to 
the method. In the subclassing scenario, the subclass may be the one providing 
the arguments (i.e. passing different values then it was passed), but it may 
also be passing along the original values. If the subclasser is trusted but the 
original caller isn't, you have a problem. Now granted, this is a coding error, 
but I think it is facilitated by this too flexible model of walking the stack.

BTW, I'm not ruling out the need for this more flexible way of getting the 
caller, I just want to make sure that this isn't the default and is used only 
very cautiously.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]