New proposal for #ReflectiveAccessToNonExportedTypes: Open modules & open packages
John Rose
john.r.rose at oracle.com
Tue Nov 1 14:04:33 UTC 2016
On Nov 1, 2016, at 9:53 AM, David M. Lloyd <david.lloyd at redhat.com> wrote:
>
> 1. It requires the target class to be initialized
> 2. It requires the target class to proactively donate MethodHandles or a Lookup to the lookup class
Both of these can be overcome, though only by privileged code.
The privileged code would forge (uh, "mint") a legitimate Lookup to the not-yet-initialized class.
A "Vault" meta-framework doesn't need to inject a Lookup donation statement into anybody's <clinit>.
Instead, it needs to do the super-user operation of making a trusted lookup.
It must also fulfill the super-user *responsibility* of not leaking such lookups, just using them in a predictable, rule-based manner.
— John
More information about the jigsaw-dev
mailing list