Does Java do anything to prevent files from changing out from under it?
Xueming Shen
Xueming.Shen at Sun.COM
Wed May 14 21:10:51 UTC 2008
Pete Soper wrote:
> Peter B. Kessler wrote:
>> Does the Java platform do anything to prevent files from changing
>> out from under it? E.g., once one has opened a jar file for class
>> loading, could a malicious (or oblivious) user write to the jar
>> file and disturb the VM? Or is that all relegated to "the operating
>> system", file system permissions, etc.?
>>
>> ... peter
> No, yes, and yes for Sun Java SE on Solaris, Linux, and Windows. But
> somebody can just dd /dev/zero over the top of a raw disk device too
> if they "just have the permissions."
>
> Deletion of a file is prevented by another process having it open on
> Windows, but that doesn't keep it from being overwritten and for
> rt.jar the program will explode when it tries to load the next class
> (depending on where the damage is).
>
> -Pete
>
If someone has the permission to touch your rt.jar and/or the access to
the rest of the filesystem, your app,
the jvm and the system are no longer secured anyway.
More information about the core-libs-dev
mailing list