>>>>> "Bryce" == Bryce McKinlay <[EMAIL PROTECTED]> writes:

Bryce> I think the correct fix is to remove this method
Bryce> (ResourceBundle.getClassContext) and natResourceBundle.cc
Bryce> altogether.  There is no reason to have a separate
Bryce> implementation of getClassContext() here, instead it should
Bryce> call the static implementation in VMSecurityManager. The
Bryce> problem is that VMSecurityManager is in java.lang and
Bryce> package-private, but I don't think it should be, since there
Bryce> are classes in other packages which need access to this
Bryce> functionality.

Bryce> I think we should move it to gnu.java.lang and make it
Bryce> public. Same goes for java.lang.VMClassLoader. Does anyone
Bryce> disagree?

I asked about this a while back on the Classpath list.  Well, I asked
a different but related question, namely why the VM* classes are not
in gnu.*.  Mark Wielaard answered that this would let any code call
these methods.

Perhaps for certain methods this is necessary for VM security.  In
this particular case I doubt it matters.  Is there an exploit
available if you can find all the classes on the stack?

Tom

_______________________________________________
Classpath mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/classpath
