Replacement for sun.misc.Unsafe.allocateInstance(Class<?>) ?
Florian Weimer
fweimer at redhat.com
Sat Aug 1 22:38:33 UTC 2015
On 08/01/2015 10:57 AM, Andrew Haley wrote:
> However, the security problems are great. I haven't heard any
> suggestion about how to expose this feature to user-created libraries
> without breaking Java security, and I suspect there may be none.
Are the problems greater than those of general reflection after
setAccessible(true)? I don't think so. I think the main objection
would be philosophical (against adding yet more trapdoors). I respect
that—but at the same time, there does not seem to be a core technical
requirement why a suitable API with a proper permission check could not
be added to the JDK.
--
Florian Weimer / Red Hat Product Security
More information about the core-libs-dev
mailing list