Runtime.exec can be prevented though

On Sun, Nov 8, 2015 at 2:31 PM Thomas Neidhart <[email protected]> wrote:
> On 11/08/2015 08:20 PM, James Carman wrote:
> > I think this entire thing can be prevented with a security manager and a
> > proper policy in place. Nobody does that, though
>
> You cannot prevent the use of reflection for public methods via a
> SecurityManager.
>
> If you then look at the different provided payloads you can see that an
> attacker can inject arbitrary bytecode that is being loaded.
>
> How would you prevent that such code is able to do anything harmful,
> especially considering that it is being executed in the security context
> of some trusted component?
>
> Thomas
