Archie Cobbs wrote: > Trying to fully understand... pardon my questions.. why is creating > a user-defined class loader not "safe"?
I don't know. In the history of Java there have been many security holes related to class loading, so I'm guessing it's just caution. > Just because you load your own classes doesn't mean they aren't > subject to whatever SecurityManager is in place, right? > So how could they do anything not already allowed? In theory you're right, but in practice the VMs probably have lots of bugs. > Also, I thought the VM spec required java.lang.* could only be > loaded by the bootstrap loader. Do you have an example source file > that demonstrates this bug? Attached. Regards, Jeroen
Crash.java
Description: Crash.java
_______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
