felix-dev mailing list archives

From "BOTTARO Andre RD-MAPS-GRE" <andre.bott...@orange-ftgroup.com>
Subject Code sharing and code isolation
Date Wed, 17 Jan 2007 15:39:48 GMT
For security purposes, I would like to prevent bundles from using classes that belong to private
packages of any bundle.

I checked that if I have a hacking bundle (B) with the following code, it will be able to
call a method (criticalAlert) on a private class (private.packages.Sample) of a bundle (A),
i.e. a class which is neither exported by A nor imported by B. In order to do that, B must access
the classloader of A, thus I suppose that B imports an exported package (public.packages)
from A:

	// Needs: import java.lang.reflect.Method; import org.osgi.framework.BundleContext;
	public void start(BundleContext bc) throws Exception {
		// Getting an instance of an exported class from A...
		public.packages.Sample sample = new public.packages.Sample();
		// Trying to access the private class from A...
		ClassLoader loader = sample.getClass().getClassLoader();
		Class clazz = loader.loadClass("private.packages.Sample");
		Object o = clazz.newInstance();
		Method m = o.getClass().getMethod("criticalAlert", new Class[]{});
		m.invoke(o, new Object[]{});
	}

So, tell me if I am wrong, the OSGi solution to this bundle isolation issue is to use Java
2 permissions (with OSGi CPA or PA) to forbid the use of reflection (Class.newInstance and
java.lang.reflect) to untrusted bundles. 

There is also another threat (even more direct) in OSGi R4: the use of Fragments. Are there
other threats?
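
One way to apply the permission-based restriction discussed in the message, as an added example that is not part of the original post or of the Felix code base: a management bundle uses the OSGi PermissionAdmin service to give the untrusted bundle B only the package imports it needs. The class name `UntrustedBundlePolicy` and the bundle location string are assumptions made for illustration, and the restriction only takes effect when the framework runs with a Java security manager.

```java
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.PackagePermission;
import org.osgi.framework.ServiceReference;
import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Hypothetical management bundle; setPermissions() requires AllPermission. */
public class UntrustedBundlePolicy implements BundleActivator {

    // Assumption: install location of untrusted bundle B (constructed value).
    static final String UNTRUSTED_LOCATION = "file:bundles/untrusted-b.jar";

    public void start(BundleContext bc) throws Exception {
        ServiceReference ref = bc.getServiceReference(PermissionAdmin.class.getName());
        if (ref == null) {
            throw new IllegalStateException("PermissionAdmin service not available");
        }
        PermissionAdmin admin = (PermissionAdmin) bc.getService(ref);
        try {
            // Everything not listed here is denied to B. Deliberately absent:
            //   java.lang.RuntimePermission "getClassLoader"
            //   java.lang.reflect.ReflectPermission "suppressAccessChecks"
            // B's class loader is neither A's loader nor an ancestor of it, so
            // sample.getClass().getClassLoader() then throws a SecurityException
            // before loadClass("private.packages.Sample") is ever reached.
            PermissionInfo[] granted = {
                new PermissionInfo(PackagePermission.class.getName(),
                        "org.osgi.framework", PackagePermission.IMPORT),
                new PermissionInfo(PackagePermission.class.getName(),
                        "public.packages", PackagePermission.IMPORT)
            };
            admin.setPermissions(UNTRUSTED_LOCATION, granted);
        } finally {
            bc.ungetService(ref);
        }
    }

    public void stop(BundleContext bc) {
        // Permissions stay in force; nothing to clean up.
    }
}
```

The policy should be set before B is started, since it is looked up by bundle location when B's permissions are checked.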

