Replacement of sun.reflect.Reflection#getCallerClass

Mandy Chung mandy.chung at oracle.com
Tue Sep 3 14:30:00 UTC 2013


On 9/3/2013 5:52 AM, Nick Williams wrote:
> Do, I don't understand the rationale. Alan said the security issues couldn't be discussed openly. I can get a Class object MANY different ways without a security check. I don't see or understand any vulnerabilities here. I'm going to need much more information in order to contribute to the discussion in an informed manner.

The Java security guideline is a good starting point.
    http://www.oracle.com/technetwork/java/seccodeguide-139067.html#4
> And, has been stated many, many times, this non-goal is incompatible with the community's needs. Now, there /is/ a way to avoid making @CallerSensitive public (which the community doesn't care about) while still making getCallerClass public (which is really what the community needs). In order to do so, you must remove the check that requires the method calling getCallerClass/getCallerFrame to be annotated with @CallerSensitive. Once you remove that check, you don't need @CallerSensitive to be public. To be clear, though, once you remove that check, you don't need @CallerSensitive /at all/. It can simply go away.

Do you mean sun.reflect.CallerSensitive can go away?  This is very 
important part of the design that we need to detect which methods are 
caller-sensitive.   I keep seeing you suggest this and it is unclear to 
me if you only mean to remove java.lang. at CallerSensitive in your proposal.

Mandy



More information about the core-libs-dev mailing list