On 11/01/2016 09:23 AM, John Rose wrote:
On Nov 1, 2016, at 10:22 AM, Jochen Theodorou <[email protected]> wrote:
Can we clarify "privileged code"? Privileged like in a SecurityManager in a
PrivilegedAction for example, for privileged like only jdk internal code? Just to see it
black on white ;)
Good question: I mean the basic JDK platform implementation. Something deep
in java.base. Like Unsafe.
I don't see why this can't be a "regular" API though, rather than a
super-user sledgehammer every single time. If user code can be
statically granted access, and that user code can deliberately acquire a
narrowly-scoped object which can access those Lookups/*Handles, then
isn't that better than using Unsafe, which not only represents
unrestricted system-wide access, but can undermine even the JVM's
integrity if leaked?
--
- DML
