RFR: 6983726: remove Proxy from MethodHandleProxies.asInterfaceInstance SAM conversion [v8]
Johannes Kuhn
jkuhn at openjdk.org
Thu Apr 6 19:37:19 UTC 2023
On Thu, 6 Apr 2023 19:22:56 GMT, Mandy Chung <mchung at openjdk.org> wrote:
> This seems a concern if the target method handle should not have access to the class in that module.
MethodHandle access is checked when the MethodHandle is created.
For `@CallerSensitive` methods, the MethodHandle is additionally bound to the lookup class.
Also see [`java.lang.invoke.ConstantBootstraps.invoke`](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/invoke/ConstantBootstraps.html#invoke%28java.lang.invoke.MethodHandles.Lookup,java.lang.String,java.lang.Class,java.lang.invoke.MethodHandle,java.lang.Object...%29). If calling an arbitrary MethodHandle from a module could be a problem, then that is an easier target.
> W.r.t. the no-arg constructor, I would consider another level of defense to make the constructor to take Lookup of itself and throw an IAE if the lookup class is not itself or it does not have ORIGINAL access.
Without that defense you can create a new instance (if you have a reference to the hidden class) that does exactly the same thing as the original instance.
Other than `getClass` on the original object, `StackWalker` comes to mind as a way to obtain the class reference.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13197#issuecomment-1499523476
More information about the core-libs-dev
mailing list