John Keiser wrote:
>
> (Oh, and Stuart ... saw your mail while I was writing this. Take note that
> he's trying to call these methods from java.util, not java.lang, so we
> simply cannot avoid security risks.)
Yeah, I saw that. But I was under the impression that *native* code
isn't subject to access control, and so you CAN call a package-private
java.lang method from java.util native code. Have I misunderstood this?
How can java enforce security checks on C code?
The only other solution is to use the 1.2 security architecture to
protect access to gnu.vm.stack.StackTrace. But if a native method can do
it directly, why bother? The native way means just one native method and
all of gnu.vm.stack can be removed - it reduces complexity a lot. Adding
security to it *increases* complexity.
Stuart.
