avalon-dev mailing list archives

From Stephen McConnell <mcconn...@apache.org>
Subject Re: [patch] Add listeners for logger creation
Date Tue, 04 Feb 2003 03:04:03 GMT

Noel J. Bergman wrote:

>>If you declare state members as private, the bytecode gets hacked around
>>during compilation to enable package level access so that the inner
>>class can access the private members it is referencing.  If you use
>>reflection you can access methods and members that you figured were
>>private at design time.
>Is that all?  A friend of mine hacks the JVM all the time.  Maybe I've just
>gotten jaded, but the JVM just isn't secure enough that way to worry about
>For example:
>public class victim
>{
>	public String mc = "Can't touch this.";
>}
>public class attacker
>{
>	static public void main(String[] args)
>	{
>		System.out.println((new victim()).mc);
>	}
>}
>Compile both.  Change victim so that mc is private.  Recompile victim only.
>Run attacker.  And this doesn't even include all of the fun I can have with
>dynamically generated bytecodes.  :-)

I'm aware of the EJB stuff - but I wasn't aware of the above scenario ...
This is nasty!

Cheers, Steve.


Stephen J. McConnell
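
An added example, not part of the original message or of the Avalon code base, covering the two mechanisms in the quoted text: it lists the compiler-generated accessors that let an inner class reach a private field, then reads the same field through reflection. `Holder`, `Inner` and the helper method names are hypothetical.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class PrivateIsNotABoundary {
    // Constructed sample: an outer class whose inner class reads a private field.
    static class Holder {
        private String mc = "Can't touch this.";
        class Inner {
            String peek() { return mc; }
        }
    }

    // When targeting class files older than Java 11, javac emits synthetic,
    // package-visible static methods (access$NNN) for Inner's read of mc.
    // From Java 11 on, nest-based access control is used and none are emitted.
    static List<String> syntheticAccessors(Class<?> c) {
        List<String> out = new ArrayList<>();
        for (Method m : c.getDeclaredMethods()) {
            if (m.isSynthetic() && Modifier.isStatic(m.getModifiers())
                    && !Modifier.isPrivate(m.getModifiers())) {
                out.add(m.toString());
            }
        }
        return out;
    }

    // Reflection path: succeeds unless a security policy or module boundary denies it.
    static String readPrivate(Object target, String field) {
        try {
            Field f = target.getClass().getDeclaredField(field);
            f.setAccessible(true);
            return String.valueOf(f.get(target));
        } catch (ReflectiveOperationException | RuntimeException e) {
            return "denied: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("javac accessors on Holder: " + syntheticAccessors(Holder.class));
        System.out.println("reflective read: " + readPrivate(new Holder(), "mc"));
    }
}
```

The accessor list depends on the class-file version the code was compiled for, so auditing a jar this way shows which private members are reachable from the rest of the package.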
