On 31/07/2021 04:04, Peter Firmstone wrote:
Allan has advised when finalizers are removed, it will be practical to
use Agents to instrument public API to implement an authorization
layer, this is try, so can it be coordinated with JEP 411 et al?
Our exchange was about instrumenting constructors that specify SM
permission checks and where the classes that define these constructors
have been hardened to thwart finalizer attacks. It wasn't a comment on
the bigger question on how practical it is to use instrumented the
entire JDK. Once you get further on then I assume a big challenge will
be with APIs that separate the interface and implementation (think
factory methods, APIs that define service provider interfaces ...). Here
I expect you will want to instrument the implementation classes. Going
deeper, you may find places where the SM check isn't on method entry but
instead after defensive copying of mutable parameters or after acquiring
a lock that prevents mutation while do a security sensitive operations.
So non-trivial but a fun approach to explore. If you have the cycles
then pick a version and try it. That will give you a sense on how much
effort may be required to keep up and be confident that every
interesting code path is covered.
-Alan
