John Keiser wrote:
> > We'll just need to make it possible to specify native libraries
> > that have higher
> > precedence than EF's built-in versions.
> >
>
> That'd work, too. Hmm. How could that be done automatically and securely,
> though? There would have to be the following precedence for it to work
> right and securely:
>
> - Classpath libs
> - EF libs
> - User libs
>
> You don't want to give native users the ability to override your methods (or
> do you?).
>
> Right now the way we load the libs is to run System.loadLibrary(). There
> would need to be a way to distinguish between when Classpath is doing this
> and when a user is doing this.
When I first suggested the idea, I wasn't even thinking of loadLibrary(). I
meant to bake the Classpath library DLL filename(s) into the VM's native code,
but you're right that loadLibrary() is the way to go.
As you say, an unintentional side-effect of using loadLibrary() this way would
be to give native code the ability to override the VM's methods. It's not a
security risk since anytime you allow a developer to load native methods, you've
let them out of the sandbox. It is, however, undesirable from the perspective
that this overriding should not be a supported behavior that a developer can
rely on.
-Scott
