David Holmes wrote: > Hmmm. While I can see what SecurityManager.checkPackageAccess > is supposed to do, the ClassLoader.loadClass documentation makes no > mention of this security check, consequently I can't tell if the > security check occurs before or after checking if the class is > already loaded or can be loaded by a parent.
Yeah, the documentation sucks, but how is this any different from any of the other APIs ;-) > Further, as loadClass is not final, and as the class to be loaded > is actually loaded by a parent loader (ie the bootstrap loader) > it would be trivial to avoid any security check defined in the > loadClass method itself. It isn't trivial without creating your own class loader (which is a privileged operation). If you read the security bulletin I pointed to, you'll see that Sun relies on this same mechanism to prevent access to the sun.* package, so presumably it is intended to be secure. > The only way this check could work reliably is if the VM > itself performs the check. But it seems to me that this is a very > underspecified part of the security architecture - other than when > invoked via the reflection method. > Curiously I've been unable to find any information as to when > checkPackageAccess should actually be invoked! I hope you're not arguing that we shouldn't implement it, just because it is underspecified? Regards, Jeroen _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
