harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeroen Frijters" <jer...@sumatra.nl>
Subject RE: [general] compatibility packages
Date Sun, 13 Aug 2006 08:55:54 GMT
Dalibor Topic wrote:
> First part of the problem was the JavaScript bridge, which allowed
> access to sun.* code, and the second part was sun.misc.Unsafe, which
> allows kicking the legs under the Java security mechanism in 
> three lines of pure Java code, once you get access to it.

I respectfully disagree. The fact that the access controls around
sun.misc.Unsafe failed was the problem, not the functionality it
provides. You can clear the security manager with reflection too, but we
rely on the access controls in reflection to protect us against that, if
they fail, do you want to remove reflection as well?

> I am not aware of any other potentially useful code that uses
> sun.misc.Unsafe, but I'd appreciate pointers.

I've seen code that had their own implementation of
Object[In|Out]putStream, you cannot do that in pure Java (which is
lame), but they managed to do it by using sun.reflect.* classes I
believe.

Regards,
Jeroen

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message