RFR: 8217920: Lookup.defineClass injects a class that can access private members of any class in its own module [v2]
Mandy Chung
mchung at openjdk.org
Thu Jan 26 22:27:36 UTC 2023
> Currently, a `Lookup` object with `PACKAGE` access can be used to inject a class in the runtime package of the Lookup's lookup class via `Lookup::defineClass`. The classes that are injected have the same access as other members in the module and can access private members of all types in the module via reflection.
>
> However, changing `Lookup.defineClass` to require full privilege access (`PRIVATE` + `MODULE`) is an incompatible change that would break existing frameworks which use `privateLookupIn` and `Lookup::defineClass` to inject auxiliary classes in a module. A module authorizes the framework by opening a package for it to access and `Lookup::defineClass` was the supported replacement for `setAccessible` on `ClassLoader::defineClass` hack in JDK 9.
>
> This PR proposes to keep existing behavior and provide better documentation to help developers to beware of the permissions given out when opening a package to another module. A class injected in a module has the same privilege as other module members.
Mandy Chung has updated the pull request incrementally with one additional commit since the last revision:
review feedback
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/12236/files
- new: https://git.openjdk.org/jdk/pull/12236/files/a1d09325..4d3e879c
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=12236&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=12236&range=00-01
Stats: 13 lines in 2 files changed: 0 ins; 2 del; 11 mod
Patch: https://git.openjdk.org/jdk/pull/12236.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/12236/head:pull/12236
PR: https://git.openjdk.org/jdk/pull/12236
More information about the core-libs-dev
mailing list