Pete Soper wrote:
Peter B. Kessler wrote:
Does the Java platform do anything to prevent files from changing
out from under it? E.g., once one has opened a jar file for class
loading, could a malicious (or oblivious) user write to the jar
file and disturb the VM? Or is that all relegated to "the operating
system", file system permissions, etc.?
... peter
No, yes, and yes for Sun Java SE on Solaris, Linux, and Windows. But
somebody can just dd /dev/zero over the top of a raw disk device too
if they "just have the permissions."
Deletion of a file is prevented by another process having it open on
Windows, but that doesn't keep it from being overwritten and for
rt.jar the program will explode when it tries to load the next class
(depending on where the damage is).
-Pete
If someone has the permission to touch your rt.jar and/or the access to
the rest of the filesystem, your app,
the jvm and the system are no longer secured anyway.
