New proposal for #ReflectiveAccessToNonExportedTypes: Open modules & open packages

Remi Forax forax at univ-mlv.fr
Tue Nov 1 15:17:05 UTC 2016


----- Original Message -----
> From: "David M. Lloyd" <david.lloyd at redhat.com>
> To: jigsaw-dev at openjdk.java.net
> Sent: Tuesday, November 1, 2016 15:39:01
> Subject: Re: New proposal for #ReflectiveAccessToNonExportedTypes: Open modules & open packages

> On 11/01/2016 09:23 AM, John Rose wrote:
>> On Nov 1, 2016, at 10:22 AM, Jochen Theodorou <blackdrag at gmx.org> wrote:
>>>
>>> Can we clarify "privileged code"? Privileged like in a SecurityManager in a
>>> PrivilegedAction for example, for privileged like only jdk internal code? Just
>>> to see it black on white ;)
>>
>> Good question:  I mean the basic JDK platform implementation.  Something deep in
>> java.base.  Like Unsafe.
> 
> I don't see why this can't be a "regular" API though, rather than a
> super-user sledgehammer every single time.  If user code can be
> statically granted access, and that user code can deliberately acquire a
> narrowly-scoped object which can access those Lookups/*Handles, then
> isn't that better than using Unsafe, which not only represents
> unrestricted system-wide access, but can undermine even the JVM's
> integrity if leaked?
> 

It's better than Unsafe because as a user you have to grant access by using, for example, an annotation,
and you can specify friends and/or what you want to export (only private/only package private, etc).

But if the API returns a Lookup object and client code with granted access exposes that lookup, all bets are off.

> --
> - DML

Rémi
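
Added example, not part of the original thread or of any JDK proposal: a sketch of the concern raised above, that a `Lookup` is a capability which carries its creator's access to whoever holds it, shown beside the narrower alternative of handing out a single `MethodHandle`. The classes `Account` and `LookupLeakDemo` and their members are hypothetical; only standard `java.lang.invoke` calls are used.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;

// Hypothetical class that holds private state (names are assumptions).
final class Account {
    private final String owner;
    private final String token;
    Account(String owner, String token) { this.owner = owner; this.token = token; }
    private String owner() { return owner; }

    // Leaky: returns the Lookup itself, which carries Account's full private access.
    static Lookup exposedLookup() { return MethodHandles.lookup(); }

    // Narrow: returns one handle for one intended operation; the Lookup stays inside.
    static MethodHandle ownerReader() throws ReflectiveOperationException {
        return MethodHandles.lookup()
                .findVirtual(Account.class, "owner", MethodType.methodType(String.class));
    }
}

public class LookupLeakDemo {
    // Reads Account.token through whatever Lookup the caller was given.
    static String readToken(Lookup lookup, Account a) throws Throwable {
        MethodHandle getter = lookup.findGetter(Account.class, "token", String.class);
        return (String) getter.invoke(a);
    }

    public static void main(String[] args) throws Throwable {
        Account a = new Account("alice", "constructed-sample-token");

        // 1. Unrelated code using its own Lookup is refused at find time.
        try {
            readToken(MethodHandles.lookup(), a);
        } catch (IllegalAccessException e) {
            System.out.println("own lookup: access denied");
        }

        // 2. The same code holding the exposed Lookup reads the private field.
        System.out.println("exposed lookup: " + readToken(Account.exposedLookup(), a));

        // 3. Holding only the narrow handle, it can call owner() and nothing else.
        System.out.println("narrow handle: " + (String) Account.ownerReader().invoke(a));
    }
}
```

The access check happens when the handle is looked up, not when it is invoked, which is why the object to keep private is the `Lookup` rather than the handles derived from it.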

