Florian Weimer said the following on 08/15/10 21:51:
Classes storing native pointers must never be cloneable.  I hope
to have identified all such cases in the JDK, but I can post my scripts
so that others can try to find more instances.

I would not say that "Classes storing native pointers must never be cloneable" - the same cloning considerations apply to a native pointer as they do to a Java reference: does it make sense for two instances to share the same pointer/reference? If the answer is no then you need to define a custom clone() method if you want to be able to correctly clone a class.

The ability of a subclass to introduce cloning in a way that can use a broken superclass clone() implementation is also not in itself necessarily a security issue. You can only clone subclass instances, not arbitrary superclass instances - so it really comes down to the details of the class concerned.

David Holmes
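
The situation discussed in this thread, as an added example that is not part of either message or of the JDK: a subclass makes a handle-owning class cloneable through the default shallow `Object.clone()`, so two instances share one handle, and a superclass with a final `clone()` that refuses. All class names are hypothetical, and the native allocator is simulated with a Java set of live handles.

```java
import java.util.HashSet;
import java.util.Set;

public class CloneHandleDemo {
    // Simulated native allocator (assumption): live handles stand in for malloc'd memory.
    static final Set<Long> LIVE = new HashSet<>();
    static long next = 1;

    // Superclass owns a "native pointer" and does not consider cloning at all.
    static class NativeBuffer {
        protected long handle;
        NativeBuffer() { handle = next++; LIVE.add(handle); }
        void release() {
            if (handle == 0) return;              // guards this instance only
            if (!LIVE.remove(handle))
                throw new IllegalStateException("double free of handle " + handle);
            handle = 0;
        }
    }

    // Subclass introduces cloning; Object.clone() copies the handle field as-is.
    static class CloneableBuffer extends NativeBuffer implements Cloneable {
        @Override public CloneableBuffer clone() throws CloneNotSupportedException {
            return (CloneableBuffer) super.clone();
        }
    }

    // Hardened superclass: clone() is final and refuses, so no subclass can copy the handle.
    static class SafeNativeBuffer extends NativeBuffer {
        @Override protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("owns a native handle");
        }
    }

    static class SafeSub extends SafeNativeBuffer implements Cloneable {
        Object tryClone() throws CloneNotSupportedException { return clone(); }
    }

    public static void main(String[] args) throws Exception {
        CloneableBuffer a = new CloneableBuffer();
        CloneableBuffer b = a.clone();            // a and b now share one handle
        a.release();
        try { b.release(); }                      // second release of the same handle
        catch (IllegalStateException e) { System.out.println("shared handle: " + e.getMessage()); }

        try { new SafeSub().tryClone(); }
        catch (CloneNotSupportedException e) { System.out.println("clone refused: " + e.getMessage()); }
    }
}
```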
