New proposal for #ReflectiveAccessToNonExportedTypes: Open modules & open packages
Jochen Theodorou
blackdrag at gmx.org
Tue Nov 1 14:22:07 UTC 2016
On 01.11.2016 15:04, John Rose wrote:
> On Nov 1, 2016, at 9:53 AM, David M. Lloyd <david.lloyd at redhat.com> wrote:
>>
>> 1. It requires the target class to be initialized
>> 2. It requires the target class to proactively donate MethodHandles or a Lookup to the lookup class
>
> Both of these can be overcome, though only by privileged code.
> The privileged code would forge (uh, "mint") a legitimate Lookup to the not-yet-initialized class.
> A "Vault" meta-framework doesn't need to inject a Lookup donation statement into anybody's <clinit>.
> Instead, it needs to do the super-user operation of making a trusted lookup.
> It must also fulfill the super-user *responsibility* of not leaking such lookups, just using them in a predictable, rule-based manner.
Can we clarify "privileged code"? Privileged like in a SecurityManager
in a PrivilegedAction for example, for privileged like only jdk internal
code? Just to see it black on white ;)
bye Jochen
More information about the jigsaw-dev
mailing list