On 06/05/2016 09:47, Andrew Dinn wrote:
What I don't want to do is export the API provided by a concealed
class/package that exposes a module check -free setAccessible to
anything other than the Byteman class which uses it. If I follow your
suggestion then I would potentially expose setAccessible to any class in
the system classpath. So, rather than use module import/export checks I
think I need to employ a caller class check.
A caller check seems overkill here but to your point, yes, if you coerce
the target module to export packages to the unnamed module of the app
class loader then it means that anything on the class path can access
public types in those packages or they can use setAccessible(true) to
hack into non-public types and members. From your earlier mails then it
might be that you only need to export to the unnamed module of the boot
loader so maybe this is not a concern.
There are other more sophisticated approaches but I'm not sure if it's
worth going into them now. For example deploying java agents as explicit
modules (open question on whether this is needed in the short term) or
using dynamic modules. I think that is a topic for another thread and
another day.
-Alan
