harmony-commits mailing list archives

From "Alexey Varlamov (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (HARMONY-5179) [drlvm][security] Accessing members of non-public class is allowed
Date Mon, 26 Nov 2007 12:09:43 GMT

     [ https://issues.apache.org/jira/browse/HARMONY-5179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Varlamov reassigned HARMONY-5179:
----------------------------------------

    Assignee: Alexey Varlamov

> [drlvm][security] Accessing members of non-public class is allowed
> ------------------------------------------------------------------
>
>                 Key: HARMONY-5179
>                 URL: https://issues.apache.org/jira/browse/HARMONY-5179
>             Project: Harmony
>          Issue Type: Bug
>          Components: DRLVM
>            Reporter: Vasily Zakharov
>            Assignee: Alexey Varlamov
>
> If a class tries to access a public member of a non-public class loaded by a different class loader, DRLVM allows it, while RI and IBM VME throw IllegalAccessException.
> This may be a security hole.
> Here's the code to reproduce the bug:
> import java.net.*;
> public class Test {
>     public static void main(String[] args) {
>         try {
>             ClassLoader loader = new URLClassLoader(new URL[] { new URL("file:run.jar") } );
>             loader.loadClass("Run").getMethod("run").invoke(null);
>             System.out.println("FAIL");
>         } catch (IllegalAccessException e) {
>             e.printStackTrace(System.out);
>             System.out.println("SUCCESS");
>         } catch (Exception e) {
>             e.printStackTrace(System.out);
>             System.out.println("FAIL");
>         }
>     }
> }
> class Run {
>     public static void run() {
>         System.out.println("Run.run()");
>     }
> }
> Put both classes in a file named Test.java, and run:
> $ javac Test.java
> $ jar cvf run.jar Run.class
> $ rm Run.class
> $ java Test
> Don't forget to remove Run.class, or the test would fail on any VM!
> Output on RI:
> java.lang.IllegalAccessException: Class Test can not access a member of class Run with modifiers "public static"
>         at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:65)
>         at java.lang.reflect.Method.invoke(Method.java:578)
>         at Test.main(Test.java:6)
> SUCCESS
> Output on IBM VME:
> java.lang.IllegalAccessException
>         at java.lang.reflect.Method.invoke(Method.java:244)
>         at Test.main(Test.java:6)
> SUCCESS
> Output on DRLVM:
> Run.run()
> FAIL

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
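
The access rule behind the IllegalAccessException in the report above, as an added Java example (not code from Harmony, DRLVM, the RI or the reporter): a member is reachable only if its declaring class is public or shares the caller's runtime package, meaning the same defining class loader and the same package name. AccessCheckDemo, Helper and mayAccess are hypothetical names, and the model is simplified (protected access from subclasses is not modelled).

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class AccessCheckDemo {
    // Package part of a binary class name ("" for the unnamed package).
    static String packageOf(Class<?> c) {
        String name = c.getName();
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(0, dot);
    }

    // Same runtime package = same defining class loader AND same package name.
    // In the report, Test and Run share the unnamed package but not the loader.
    static boolean sameRuntimePackage(Class<?> a, Class<?> b) {
        return a.getClassLoader() == b.getClassLoader()
                && packageOf(a).equals(packageOf(b));
    }

    // Simplified model of a reflective member access check (assumption:
    // protected access from subclasses is not modelled and is denied).
    static boolean mayAccess(Class<?> caller, Class<?> owner, int memberModifiers) {
        if (caller == owner) return true;
        boolean samePkg = sameRuntimePackage(caller, owner);
        // Step 1: the declaring class itself must be accessible to the caller.
        // A VM that skips this step shows the behaviour the report describes.
        if (!Modifier.isPublic(owner.getModifiers()) && !samePkg) return false;
        // Step 2: the member's own modifiers.
        if (Modifier.isPublic(memberModifiers)) return true;
        if (Modifier.isPrivate(memberModifiers)) return false;
        return samePkg; // package-private, or protected within the package
    }

    public static void main(String[] args) throws Exception {
        Class<?> caller = AccessCheckDemo.class;
        // Case 1: non-public class, same loader and same package as the caller.
        Method run = Helper.class.getMethod("run");
        System.out.println("Helper.run: " + mayAccess(caller, Helper.class, run.getModifiers()));
        // Case 2: public method of a non-public JDK class, which has a
        // different defining loader and package than the caller.
        Class<?> hidden = Class.forName("java.util.Collections$EmptyList");
        Method size = hidden.getMethod("size");
        System.out.println("EmptyList.size: " + mayAccess(caller, hidden, size.getModifiers()));
    }
}

class Helper { // package-private, like Run in the report
    public static void run() { }
}
```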

