On Tue, 2004-10-12 at 11:38, Jeroen Frijters wrote:
> Archie Cobbs wrote:
> > Trying to fully understand... pardon my questions.. why is creating
> > a user-defined class loader not "safe"?
>
> I don't know. In the history of Java there have been many security holes
> related to class loading, so I'm guessing it's just caution.
>
> > Just because you load your own classes doesn't mean they aren't
> > subject to whatever SecurityManager is in place, right?
> > So how could they do anything not already allowed?
>
> In theory you're right, but in practice the VMs probably have lots of
> bugs.
>
> > Also, I thought the VM spec required java.lang.* could only be
> > loaded by the bootstrap loader. Do you have an example source file
> > that demonstrates this bug?
>
> Attached.

I was curious what your code does... Here's the output.

[EMAIL PROTECTED]:/tmp$ jikes-sablevm Crash.java
[EMAIL PROTECTED]:/tmp$ sablevm -Y Crash
java.lang.NullPointerException: Deprecated usage no longer supported.
   at java.lang.ClassLoader.defineClass (ClassLoader.java:622)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:586)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:561)
   at Crash.main (Crash.java:57)
   at java.lang.VirtualMachine.invokeMain (VirtualMachine.java)
   at java.lang.VirtualMachine.main (VirtualMachine.java:92)
[EMAIL PROTECTED]:/tmp$ kaffe Crash
java.lang.SecurityException: Prohibited package: java/lang/Object
   at java.lang.ClassLoader.defineClass0 (ClassLoader.java)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:180)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:172)
   at java.lang.ClassLoader.defineClass (ClassLoader.java:163)
   at Crash.main (Crash.java:57)

Looks like nothing bad should happen. Does it actually crash some JVMs?

Cheers,

Grzegorz B. Prokopski

-- 
Grzegorz B. Prokopski <[EMAIL PROTECTED]>
SableVM - Free, LGPL'ed Java VM  http://sablevm.org
Why SableVM ?!?                  http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS   http://www.debian.org

_______________________________________________
Classpath mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/classpath
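
A self-contained probe for the protection the kaffe trace above shows (a user-defined loader refused when it tries to define a class in java.lang), added here as an example; it is not the Crash.java attachment from the thread, which is not reproduced on this page. The names DefineClassProbe, ProbeLoader, tryDefine, objectClassBytes and probe are made up for illustration, and it assumes the VM exposes java/lang/Object.class as a system resource (it falls back to an empty array if not).

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

// Added example (not the thread's Crash.java): reports how this VM answers
// when a user-defined class loader tries to define a class in java.lang.
public class DefineClassProbe {
    // Hypothetical loader whose only job is to expose the protected defineClass call.
    static final class ProbeLoader extends ClassLoader {
        Class<?> tryDefine(String name, byte[] b) {
            return defineClass(name, b, 0, b.length);
        }
    }

    // Bytes of the VM's own java.lang.Object class file, or an empty array
    // if the VM does not expose it as a resource (assumption, see lead-in).
    static byte[] objectClassBytes() throws IOException {
        InputStream in = ClassLoader.getSystemResourceAsStream("java/lang/Object.class");
        if (in == null) return new byte[0];
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            return out.toByteArray();
        } finally {
            in.close();
        }
    }

    // Classifies the VM's response; anything other than a rejection is a finding.
    static String probe(String name, byte[] bytes) {
        try {
            Class<?> c = new ProbeLoader().tryDefine(name, bytes);
            return "DEFINED " + c.getName() + " (unexpected for a java.* name)";
        } catch (SecurityException e) {
            return "rejected by package check: " + e.getMessage();
        } catch (LinkageError e) { // ClassFormatError and other class-file failures
            return "rejected by class-file checks: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("java.lang.Object      -> "
                + probe("java.lang.Object", objectClassBytes()));
        // Constructed input: the class-file magic number only, not a valid class.
        byte[] junk = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE};
        System.out.println("java.lang.Constructed -> "
                + probe("java.lang.Constructed", junk));
    }
}
```

The second probe shows whether the VM checks the requested name before it parses the bytes: a SecurityException there means the package check runs first, a ClassFormatError means parsing runs first.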