Dalibor Topic wrote:
> First part of the problem was the JavaScript bridge, which allowed
> access to sun.* code, and the second part was sun.misc.Unsafe, which
> allows kicking the legs under the Java security mechanism in three lines
> of pure Java code, once you get access to it.
>
> The exploit only works on VMs with a sun.misc.Unsafe class, obviously.
> Microsoft's JVM is not affected.

Are you suggesting that by the very nature of being named 'sun.misc.Unsafe' there's a problem or might it simply be a bug in the implementation?

If we took the j.u.c code and renamed the package, we'd be ok?

geir