------- Additional Comments From mckinlay at redhat dot com 2005-03-31 19:01 -------

I'm not sure that this should really be considered a bug. loadLibrary() must obviously be a privileged function because arbitrary code could be loaded by calling it (possibly from an insecure context), but having/calling a CNI method does not in itself cause anything to be loaded. A CNI method implementation must already be loaded by being explicitly linked into an application binary.

To put it another way: is there a way that insecure bytecode can actually turn this into an exploit? Perhaps some kind of validity check is needed at link time to ensure that native method declarations in insecure code do not link against an inappropriate native method (for example, make sure that insecure classes cannot call themselves gnu.foo.Whatever and get linked to a private CNI method implementation in another class of the same name). In any case, checking the loadLibrary permission is the wrong approach because there is no library actually being loaded. The correct behaviour would be to simply not link the method if something isn't right, resulting in an UnsatisfiedLinkError.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20704