Review Request: JDK-8020801: Apply the restriction of invoking MethodHandles.lookup to j.l.r.Method.invoke

Mandy Chung mandy.chung at
Tue May 2 02:37:08 UTC 2017


The big hammer check disallowing MethodHandles::lookup be called by system
classes defined by the bootstrap class loader was added as defense-in-depth
to prevent this caller-sensitive method being called from JDK internal classes
via Method::invoke.  It was intended as a point fix and to be replaced
with a long-term approach.  Lookup.privateLookupIn() returns a Lookup object
and IAE is thrown if the lookup class is almost all java.* and sun.* [1].
We should fix this in JDK 9.

This patch replaces this restriction and now allow MethodHandles::lookup to
be called statically by any code.  But disallow Method::invoke of 
MethodHandles.lookup from system classes defined by the bootstrap class loader
e.g. java.base.  It is expected that no reflective call to
MethodHandles::lookup is made by the system classes and so this approach
would provide a better mechanism as a defense-in-depth.


More information about the jigsaw-dev mailing list