--- Additional Comments From mckinlay at redhat dot com 2005-03-31 19:01
---
I'm not sure that this should really be considered a bug. loadLibrary() must
obviously be a privileged function because arbritary code could be loaded by
calling it (possibly from an insecure context), but having/calling a CNI method
does not in itself cause anything to be loaded. A CNI method implementation must
already be loaded by being explicitly linked into an application binary.
To put it another way: is there a way that insecure bytecode can actually turn
this into an exploit?
Perhaps some kind of validity check is needed at link time to ensure that native
method declarations in insecure code do not link against an inappropriate native
method (for example, make sure that insecure classes cannot call themselves
gnu.foo.Whatever and get linked to a private CNI method implementation in
another class of the same name).
In any case, checking the loadLibrary permission is the wrong approach because
there is no library actually being loaded. The correct behaviour would be to
simply not link the method if something isn't right, resulting in an
UnsatisfiedLinkError.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20704
