commons-dev mailing list archives

From robert burrell donkin <robertburrelldon...@blueyonder.co.uk>
Subject Re: [logging] tech.xml - child-first classloading not considered harmful
Date Wed, 04 May 2005 20:38:41 GMT
On Wed, 2005-05-04 at 13:03 -0700, Mike Colbert wrote:
> > in the case of a parent-first classloader, the buggy implementation
> > would not be exposed since the call would be delegated to the system
> > classloader. in the case of a child-first classloader, a buggy
> > implementation may try to define SecurityManager itself and this bug
> > exploited.
> 
> This would mean an attacker would have to take advantage of a bug in a class
> loader which allows them to load a malicious SecurityManager in such a way that
> it would be shared by all applications.  I can kind of see how parent-first
> delegation would mitigate this, but one would think that with appropriate
> levels of class loader isolation in place the delegation order becomes a
> non-issue.  Maybe the bug has something to do with broken isolation.

i was thinking that a malicious SecurityManager implementation might
allow an application to break out of its sandbox but i'm not an expert
and this is really just speculation on my part. i don't think that this
kind of attack is any sort of realistic threat. this would be a good
time for craig to jump in...

- robert
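
The delegation order discussed in this thread, as an added example that is not part of the original message or of commons-logging: a child-first loader that still sends platform classes such as java.lang.SecurityManager to its parent chain. The class name ChildFirstClassLoader, the helper isPlatformClass and its package prefix list are assumptions made for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;

/** Child-first loader that never tries to define core platform classes itself. */
public class ChildFirstClassLoader extends URLClassLoader {

    public ChildFirstClassLoader(URL[] urls, ClassLoader parent) {
        super(urls, parent);
    }

    /** Packages that must always come from the parent chain (assumed list). */
    static boolean isPlatformClass(String name) {
        return name.startsWith("java.") || name.startsWith("javax.");
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException {
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            if (c == null) {
                if (isPlatformClass(name)) {
                    // Parent-first for platform classes: SecurityManager is
                    // resolved by the bootstrap/system loader, never locally.
                    c = super.loadClass(name, false);
                } else {
                    try {
                        c = findClass(name);              // child first
                    } catch (ClassNotFoundException e) {
                        c = super.loadClass(name, false); // then the parent
                    }
                }
            }
            if (resolve) {
                resolveClass(c);
            }
            return c;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: no URLs, so lookups fall through to the parent.
        try (ChildFirstClassLoader cl = new ChildFirstClassLoader(
                new URL[0], ChildFirstClassLoader.class.getClassLoader())) {
            Class<?> sm = cl.loadClass("java.lang.SecurityManager");
            // Bootstrap-loaded classes report a null class loader.
            System.out.println(sm.getClassLoader() == null);
        }
    }
}
```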

