Replacing Unsafe.allocateInstance
Henri Tremblay
henri at tremblay.pro
Tue Jun 30 17:25:12 UTC 2015
Thanks. That was my understanding.
So I would put the same kind of restriction on the new API. Something close
to "suppressAccessChecks" used in setAccessible
On 30 June 2015 at 13:19, Chris Hegarty <chris.hegarty at oracle.com> wrote:
> On 30 Jun 2015, at 16:03, Henri Tremblay <henri at tremblay.pro> wrote:
>
> ….
> > Then, I want to make sure I got the security problem right. Right now,
> the
> > ReflectionFactory isn't protected by anything apart the fact the it is
> in a
> > sun.* package. So if we move it in a java.* package, we will need to
> > provide a way to add security to it. Am I getting it?
>
> sun.* is on the restricted package list and not directly accessible by
> untrusted code ( when running with a security manager ).
>
> -Chris
More information about the jdk9-dev
mailing list