AccessibleObject.setAccessible() backward compatibility

Tim Boudreau niftiness at gmail.com
Fri Sep 11 20:14:56 UTC 2015


> >> If the implementation of MethodHandle uses setAccessible() (I don't know
> >> its internals), then this Java 0day would qualify:
> >
> > It does not as far as I know.
> > It's the opposite, if you want to bypass the security sandbox with a MethodHandle,
> > you have to use reflection + setAccessible and then use Lookup.unreflect*().

Point taken.

Regardless, if one of the problems we want to solve here is security
related, then having a security sandbox you really can't bypass, even
reflectively, is not a bad idea at all.

-Tim
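
Added example, not part of the original message or of any JDK source: a small Java program showing the ordering described in the quoted reply, where `Lookup.unreflect()` refuses a private method until `setAccessible(true)` has been called on it, which is why the permission check on `setAccessible` is the control point. The classes `UnreflectAccessDemo` and `Vault` and the returned string are hypothetical names constructed for this illustration.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Method;

public class UnreflectAccessDemo {

    /** Returns true if unreflect() is refused while the accessible flag is unset. */
    static boolean refusedWithoutFlag(Method m) {
        try {
            MethodHandles.lookup().unreflect(m);
            return false;
        } catch (IllegalAccessException e) {
            // The access check ran on behalf of the lookup class and failed.
            return true;
        }
    }

    public static void main(String[] args) throws Throwable {
        Method m = Vault.class.getDeclaredMethod("secret");

        System.out.println("refused before setAccessible: " + refusedWithoutFlag(m));

        // The gate: when a SecurityManager is installed, this call requires
        // ReflectPermission("suppressAccessChecks"). A policy that withholds
        // that permission makes this line throw SecurityException, so the
        // method handle below is never created.
        m.setAccessible(true);

        // With the flag set, unreflect() skips the access check.
        MethodHandle mh = MethodHandles.lookup().unreflect(m);
        System.out.println("after setAccessible: " + (String) mh.invoke());
    }
}

// Hypothetical top-level class. It is deliberately not nested, so the demo
// class is not a nestmate and has no private access of its own.
class Vault {
    private static String secret() { return "constructed-sample-value"; }
}
```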


More information about the jpms-spec-experts mailing list