harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: [general] compatibility packages
Date Sun, 13 Aug 2006 22:34:47 GMT


Dalibor Topic wrote:

> First part of the problem was the JavaScript bridge, which allowed
> access to sun.* code, and the second part was sun.misc.Unsafe, which
> allows kicking the legs under the Java security mechanism in three lines
> of pure Java code, once you get access to it.
> 
> The exploit only works on VMs with a sun.misc.Unsafe class, obviously.
> Microsoft's JVM is not affected.

Are you suggesting that by the very nature of being named
'sun.misc.Unsafe' there's a problem or might it simply be a bug in the
implementation?

If we took the j.u.c code and renamed the package, we'd be ok?

geir

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message