#ReflectiveAccessByInstrumentationAgents
Peter Levart
peter.levart at gmail.com
Thu May 5 22:26:56 UTC 2016
On 05/05/2016 09:50 PM, Alan Bateman wrote:
>
> On 05/05/2016 17:31, Andrew Dinn wrote:
>> :
>>
>> I looked at several ways of making this work and decided the best thing
>> was to have the agent redefine AccessibleObject.checkCanSetAccessible so
>> that it grants Byteman code (specifically one Byteman class called Rule)
>> free reign when it calls this method. This still retains security
>> manager checks made around this call. Choosing this method targets the
>> code which does module access checks.
>>
> This is very fragile because checkCanSetAccessible is not part of the
> API and may go away or change at any time.
>
> Have you looked at injecting code in the victim module that invokes
> Module addExports to export the packages to the Byteman modules
> (modules plural because it sounds like the code is split between the
> unnamed module of the app class loader and the unnamed modulie of the
> boot loader).
>
> -Alan
What about adding an all-powers addModuleExports(module, pn, other)
method to java.lang.instrument.Instrumentation (like it was done with
addModuleReads) to simplify the agent's task? An agent could be
considered trusted code, couldn't it?
Regards, Peter
More information about the jigsaw-dev
mailing list