RFR: 6983726: remove Proxy from MethodHandleProxies.asInterfaceInstance SAM conversion [v6]
Chen Liang
liach at openjdk.org
Thu Apr 6 16:27:18 UTC 2023
On Thu, 6 Apr 2023 16:15:16 GMT, Johannes Kuhn <jkuhn at openjdk.org> wrote:
>> I'm not sure how the example shows that this is a security vulnerability? It still works fine without the call to `isWrapperInstance` (even if you switch to using jdk.internal.misc.Unsafe.class, although that also requires `--add-exports` when compiling)
>
> Sorry, you are supposed to run it with an installed `SecurityManager` of course.
> With an installed `SecurityManager` you should not be able to access classes in `sun.misc`.
Guess I will just nuke the annotation and check for its implemented clause instead.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1160016503
More information about the core-libs-dev
mailing list