>>>>> "Wolfgang" == Wolfgang Hoschek <[EMAIL PROTECTED]> writes:
Wolfgang> There is a serious security bug in a major fraction of
Wolfgang> VMs. Some VMs do not check access specifiers at
Wolfgang> runtime. This allows you to access private data with
Wolfgang> either a hacked compiler, direct editing of byte code,
Wolfgang> or a simple recompile. For details, see
Wolfgang> http://metalab.unc.edu/javafaq/
That's not really new.
If you follow Sun's recommendation and use the '-Xfuture' switch you
should get an IllegalAccessError on all Java2 VMs.
>From the tool docs:
-Xfuture
Perform strict class-file format checks. For purposes of
backwards compatibility, the default format checks
performed by the Java 2 SDK's virtual machine are no
stricter than the checks performed by 1.1.x versions of
the JDK software. The -Xfuture flag turns on stricter
class-file format checks that enforce closer conformance
to the class-file format specification. Developers are
encouraged to use this flag when developing new code
because the stricter checks will become the default in
future releases of the Java application launcher.
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
JVM'01: http://www.usenix.org/events/jvm01/
----------------------------------------------------------------------
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
