[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SecurityManager troubles

From: Guilhem Lavaux
Subject: Re: SecurityManager troubles
Date: Thu, 12 Jan 2006 21:43:17 +0100
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050322)

Gary Benson wrote:
Jeroen Frijters wrote:

Guilhem Lavaux wrote:

This block is the loop:

   at testSM$MySM.checkPermission (
at java.lang.SecurityManager.checkSecurityAccess (
   at (
   at java.lang.SecurityManager$ (
at ( at java.lang.SecurityManager.checkPackageList ( at java.lang.SecurityManager.checkPackageAccess (
   at java.lang.ClassLoader$1.loadClass (
   at java.lang.ClassLoader.loadClass (

The last loadClass is already loading java/security/Permission and
checkPermission needs to load java/security/Permission too.  Maybe
it is also a SystemProperties trouble ?

This still looks like a VM bug to me. java/security/Permission
shouldn't be loaded through the application class loader, but the
boot class loader.

Isn't the boot class loader solely for java.lang?

FWIW I was able to push IBM's JRE into an infinite loop with this
test, so it would appear to be vulnerable to the same class of
problems even if not this actual problem.


For us the boot class loader principally loads the system class loader. The reason why you see a loadClass is because we are using the system class loader as built by java/lang/ClassLoader. This class loader loads everything after boot normally. Looking into the VM state it _is_ the case: the classes are loaded by ClassLoader$1 so implicit loading should use this class loader also.

BTW, Gary your test triggers a really nasty VerifyError in kaffe so maybe we also have to do some work here. Although it works fine on JDK 1.4.2.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]