Review Request: JDK-8020801: Apply the restriction of invoking MethodHandles.lookup to j.l.r.Method.invoke
Mandy Chung
mandy.chung at oracle.com
Tue May 2 02:37:08 UTC 2017
Webrev:
http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8020801/webrev.00/
The big hammer check disallowing MethodHandles::lookup be called by system
classes defined by the bootstrap class loader was added as defense-in-depth
to prevent this caller-sensitive method being called from JDK internal classes
via Method::invoke. It was intended as a point fix and to be replaced
with a long-term approach. Lookup.privateLookupIn() returns a Lookup object
and IAE is thrown if the lookup class is almost all java.* and sun.* [1].
We should fix this in JDK 9.
This patch replaces this restriction and now allow MethodHandles::lookup to
be called statically by any code. But disallow Method::invoke of
MethodHandles.lookup from system classes defined by the bootstrap class loader
e.g. java.base. It is expected that no reflective call to
MethodHandles::lookup is made by the system classes and so this approach
would provide a better mechanism as a defense-in-depth.
Mandy
[1] http://mail.openjdk.java.net/pipermail/jigsaw-dev/2017-April/012267.html
More information about the core-libs-dev
mailing list