On Friday, 26 November 2004 10:38, Jeroen Frijters wrote:
> Michael Koch wrote:
> > Did I say I don't like it?
>
> That's the impression I got when we first discussed this.
>
> > I read some interesting paper from Marc Schoenefeld lately about
> > how he exploited bugs in Sun's JDK. He has written some tool that
> > uses reflection to test public constructors and methods in sun.*
> > packages.
>
> That doesn't make sense. Untrusted code is not allowed access to
> the sun.* packages (unless you're running on Opera, which
> apparently had a bug), so there is no point.
>
> > We should really make this impossible. Limiting access to some
> > packages in gnu.* namespace (not all) is a good idea. E.g.
> > gnu.java.nio.* should be restricted, gnu.regexp.* not.
>
> Right. We can disallow gnu.* and then selectively allow some
> packages.

What do you do if someone writes a package gnu.foobar and wants to
access it? There are some gnu.* packages out there. Do you want to
maintain the list of packages to allow? The list of packages we need
to limit access to is much leaner and well known to us as the
packages are maintained under our control.

> > This restriction should allow access from java.io, java.nio,
> > java.lang, java.net, etc. but not from non-standard packages like
> > java.foobar. And we have to somehow make sure malicious code can
> > not introduce classes into the standard packages.
>
> That isn't how it works. It's class loader based, all code loaded
> by the bootstrap class loader will have access to the gnu.*
> packages.

Sorry, you are right.


Michael
-- 
Homepage: http://www.worldforge.org/


_______________________________________________
Classpath mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/classpath
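
The two policies debated in this thread, side by side, as an added example that is not part of the original message or of GNU Classpath's code. The prefix lists, class name and method names are assumptions built from the package names mentioned above; `gnu.java.nio.channels` is a constructed sample input, and a `null` caller stands for the bootstrap class loader.

```java
import java.util.List;

/** Added illustration: deny-list vs. "deny gnu.* then allow" package-access checks. */
public class PackageAccessDemo {
    // Assumed lists, taken from the package names used in the thread.
    static final List<String> RESTRICTED = List.of("gnu.java.nio."); // deny-list model
    static final List<String> ALLOWED = List.of("gnu.regexp.");      // exceptions to "deny gnu.*"

    /** True if pkg equals, or is a sub-package of, one of the dotted prefixes. */
    static boolean hasPrefix(List<String> prefixes, String pkg) {
        String p = pkg + "."; // trailing dot: "gnu.java.niox" must not match "gnu.java.nio."
        return prefixes.stream().anyMatch(p::startsWith);
    }

    /** Deny-list model: only packages known to be internal are blocked. */
    static boolean denyListAllows(String pkg, ClassLoader caller) {
        if (caller == null) return true; // bootstrap-loaded code is always trusted
        return !hasPrefix(RESTRICTED, pkg);
    }

    /** Deny-gnu model: everything under gnu. is blocked unless explicitly allowed. */
    static boolean denyGnuAllows(String pkg, ClassLoader caller) {
        if (caller == null) return true; // bootstrap-loaded code is always trusted
        if (!(pkg + ".").startsWith("gnu.")) return true;
        return hasPrefix(ALLOWED, pkg);
    }

    public static void main(String[] args) {
        // The application class loader plays the part of an untrusted caller.
        ClassLoader app = PackageAccessDemo.class.getClassLoader();
        String[] pkgs = {"gnu.java.nio", "gnu.java.nio.channels", "gnu.regexp",
                         "gnu.foobar", "java.net"};
        for (String pkg : pkgs) {
            System.out.printf("%-24s deny-list=%-5b deny-gnu=%-5b bootstrap=%b%n",
                pkg, denyListAllows(pkg, app), denyGnuAllows(pkg, app),
                denyListAllows(pkg, null));
        }
    }
}
```

The only row where the two models disagree is `gnu.foobar`: the deny-list lets a third-party `gnu.*` package through, while the deny-gnu model blocks it until someone adds it to the allow list.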
