Always enforce ACC_SUPER
Florian Weimer
fweimer at redhat.com
Fri May 3 00:59:17 PDT 2013
On 05/18/2012 09:49 AM, Florian Weimer wrote:
> It has been observed that the easy way of creating non-cloneable classes
> does not work because classes can opt out of the ACC_SUPER handling:
>
> <http://mail.openjdk.java.net/pipermail/core-libs-dev/2010-August/004742.html>
>
>
> I don't think this is desirable, so I propose a patch to treat all
> classes as if they have ACC_SUPER set. A new product flag is
> introduced, ForceAccSuper, which defaults to true. Disabling it
> preserves the old behavior. I think that assuming the presence of
> ACC_SUPER rather than rejecting classes without it completely is safer
> because non-javac bytecode generators might forget to set ACC_SUPER.
>
> The patch is against the Hotspot in OpenJDK 7u4, but it should apply to
> other versions as well. It has been tested only lightly (on 7u4 and 8).
It seems that a variant of this patch made its way into jdk7u recently:
<http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/db7028c8a953>
--
Florian Weimer / Red Hat Product Security Team
More information about the hotspot-dev
mailing list