JNI Signal Chaining and OWASP (Security)
David Holmes
david.holmes at oracle.com
Mon Apr 15 13:04:13 UTC 2019
On 15/04/2019 10:22 pm, Florian Weimer wrote:
> * David Holmes:
>
>> On 12/04/2019 9:31 pm, Florian Weimer wrote:
>>> * Hank Edwards:
>>>
>>>> I work on a product that provides a JNI wrapper around a native API,
>>>> we currently use LD_PRELOAD to enable signal chaining.
>>>
>>> What is signal chaining? Why do you need it?
>>
>> https://docs.oracle.com/javase/8/docs/technotes/guides/vm/signal-chaining.html
>
> Yikes.
>
> Has there been an attempt to come up with an interface which does not
> rely on symbol interposition?
I'm not aware of any issue with signal chaining that would have
warranted any such attempt. This was, as far as I understand it, a
point-solution for a specific problem, and it solved that problem.
Anyway this isn't a topic of discussion for the discuss list. Technical
discussion can happen on hotspot-dev - though I don't know who may have
knowledge of OWASP. An interposition library is by definition
code-injection.
David
> Thanks,
> Florian
>
More information about the discuss
mailing list