Module file parse API
chris hegarty
chris.hegarty at oracle.com
Mon Jun 18 09:49:32 PDT 2012
On 18/06/2012 17:37, Paul Sandoz wrote:
> On Jun 18, 2012, at 4:16 PM, Chris Hegarty wrote:
>>> - IIRC the complete size of the jmod file is encoded in the file itself, thus after the file header has been read we can wrap everything around a CountingInputStream.
>>
>> I really like this idea too, but I need to think carefully about the impact of concatenating some rogue module to another module file.
>
> Signed modules?
>
> Why does using a CountingInputStream over the content introduce a security issue?
I was thinking that if the reader/installer was able to parse multiple
module files from a single input stream something like this may be a
problem...
cat foo.jmod bar.jmod > foo.jmod
jmod install foo.jmod
jmod ls
foo
bar
It just means that the installer is responsible for handling this
situation rather than the parser.
-Chris.
>
> Paul.
More information about the jigsaw-dev
mailing list