<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Yes, I think it's worth backporting to 25</p>
<p>Thanks</p>
<p>- Ioi</p>
<div class="moz-cite-prefix">On 2/19/26 3:59 AM, María Arias de
Reyna Dominguez wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAH4CYDVkcPM84QaOY2ppZHcswu23+c4S3yTr2qx1Cn=5yr-Q=g@mail.gmail.com">
<div dir="ltr">
<div>Hi!</div>
<div><br>
</div>
<div>Is there a reason not to port this to JDK25? Because if
there ain't, I want to port it.</div>
<div><br>
</div>
<div>Cheers!</div>
<div>María.</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Sun, Feb 15, 2026 at
6:45 AM <<a href="mailto:ioi.lam@oracle.com" moz-do-not-send="true" class="moz-txt-link-freetext">ioi.lam@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Aman,</p>
<p><br>
</p>
<p>Thanks for the bug report. I have created a PR to fix
this issue:</p>
<p><br>
</p>
<p><a href="https://urldefense.com/v3/__https://github.com/openjdk/jdk/pull/29728__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12M2fvjkJc$" target="_blank" moz-do-not-send="true">https://github.com/openjdk/jdk/pull/29728</a></p>
<p><br>
</p>
<p>- Ioi</p>
<p><br>
</p>
<div>On 1/30/26 2:53 AM, Aman Sharma wrote:<br>
</div>
<blockquote type="cite">
<div id="m_5158190864462757391divtagdefaultwrapper" dir="ltr" style="font-size:12pt;color:rgb(0,0,0);font-family:Garamond,Georgia,serif,"EmojiFont","Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,"Segoe UI Symbol","Android Emoji",EmojiSymbols">
<p><font face="Garamond,Georgia,serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols" size="3" color="black"><span id="m_5158190864462757391divtagdefaultwrapper" style="font-size:12pt"><font face="Garamond,Georgia,serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols" size="3" color="black"><span id="m_5158190864462757391divtagdefaultwrapper" style="font-size:12pt"></span></font></span></font></p>
<font face="Garamond,Georgia,serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols" size="3" color="black"><font face="Garamond,Georgia,serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols" size="3" color="black">
<div style="margin-top:0px;margin-bottom:0px">Hi
all,</div>
<div style="margin-top:0px;margin-bottom:0px"><br>
</div>
<div style="margin-top:0px;margin-bottom:0px">I have
been playing around with AOTCache and I tried a
small with it experiment whose idea was to shadow
a class using AOTCache. By class shadowing, I mean
loading a different class than intended but they
both share the same fully qualified name. We also
explored this concept in the paper: <a href="https://urldefense.com/v3/__https://arxiv.org/abs/2407.18760v4__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12MWNbNI6c$" target="_blank" moz-do-not-send="true"><span>Maven-Hijack:
Software Supply Chain Attack Exploiting
Packaging Order</span></a>, and now I am
trying to extend it to AOTCache.</div>
<div style="margin-top:0px;margin-bottom:0px"><br>
</div>
<div style="margin-top:0px;margin-bottom:0px">The
steps in the experiment are based on <a href="https://urldefense.com/v3/__https://github.com/chains-project/maven-hijack-poc__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12MToKQONo$" rel="noopener noreferrer" target="_blank" moz-do-not-send="true"> POC</a> from the same
paper and are written briefly below. The exact
commands are documented <a href="https://urldefense.com/v3/__https://github.com/chains-project/maven-hijack-poc/blob/main/java/maven/abstract-project/AOTCache.md__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12M9r6gjyE$" target="_blank" moz-do-not-send="true"> here</a>.</div>
<ol style="margin-top:0px;margin-bottom:0px">
<li>Build the application with one of the
dependencies having malicious class. The
malicious class has the same name as one of the
other classes, say `org.postrgresql.Driver` but
<a href="https://urldefense.com/v3/__https://github.com/chains-project/maven-hijack-poc/blob/0310de24103a55d1f51f70ef625933a40a7a55b3/java/maven/abstract-project/install-me-first/D11/src/main/java/org/postgresql/Driver.java*L8-L23__;Iw!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12Md5v-MsY$" target="_blank" moz-do-not-send="true"> has
malicious contents</a>.</li>
<li>Create an AOTCache using these dependencies in
jar. <i>This creates a "polluted AOTCache".</i></li>
<li>Now using the polluted cache, run the
application that is packaged with genuine
dependencies. Apparently, the JVM
initializes the malicious class from AOTCache
instead of loading it from classpath. In other
words, `<span style="font-family:"Courier New",monospace">java
-XX:AOTCache=maven.aot -jar
target/victim-1.0.jar</span>` and `<span style="font-family:"Courier New",monospace">java -jar
target/victim-1.0.jar</span>` give different
outputs.</li>
</ol>
<div><br>
</div>
<div>I see this as a weakness if the poisoned
AOTCache is distributed as an artifact for
consumers to be used because maybe it is not
expected from consumers to perform a training run
themselves. I believe there should be some sort of
integrity checks before a class is initialized
from AOTCache. I noticed there are <a href="https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/e3b5b261af6acbe7ab074f301c70283b06c17d39/src/hotspot/share/code/aotCodeCache.cpp*L435__;Iw!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12M2grxqBY$" target="_blank" moz-do-not-send="true"> already
some</a> (please share if there are more, and I
have missed them), but none of them relate to what
I am mentioning. I am happy to listen to
some thoughts on this.</div>
</font></font>
<p><br>
</p>
<div id="m_5158190864462757391Signature">
<div id="m_5158190864462757391divtagdefaultwrapper" dir="ltr" style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,"EmojiFont","Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,"Segoe UI Symbol","Android Emoji",EmojiSymbols">
<div id="m_5158190864462757391m_4935352394101912768Signature">
<div name="divtagdefaultwrapper"><font size="2" color="#808080"><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)"><span id="m_5158190864462757391divtagdefaultwrapper" style="font-size:12pt">
<div style="margin-top:0px;margin-bottom:0px"><span style="color:rgb(0,0,0);font-family:Garamond,Georgia,serif">Regards,</span></div>
<span style="font-family:Garamond,Georgia,serif"></span><span style="font-family:Garamond,Georgia,serif"></span><span style="color:rgb(0,0,0)"></span><span style="font-family:Garamond,Georgia,serif"></span><span style="font-family:Garamond,Georgia,serif"></span>
<div style="margin-top:0px;margin-bottom:0px"><span style="color:rgb(0,0,0);font-family:Garamond,Georgia,serif">Aman Sharma</span></div>
</span><br>
</span></font></div>
<div name="divtagdefaultwrapper"><font size="2" color="#808080"><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)"></span><span>PhD
Student<br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">
<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)">KTH
Royal Institute of Technology</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">
</span><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)">School
of Electrical Engineering and Computer
Science (EECS)</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">
<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)">Department
of Theoretical Computer Science (TCS)</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">
<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif;background-color:rgb(255,255,255)"></span></font></div>
</div>
<a href="https://urldefense.com/v3/__https://www.kth.se/profile/amansha__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12Mmqili_8$" id="m_5158190864462757391LPNoLP" target="_blank" moz-do-not-send="true"><span style="font-size:10pt"></span></a><a href="https://urldefense.com/v3/__https://algomaster99.github.io/__;!!ACWV5N9M2RV99hQ!KsE2fK3xBtpr78EttB-D0dK45XNk7kwPuHWu7XKqhwgMBGJ4LfdEmi2FqbCSJeKeYlyhl12MePVOr8E$" id="m_5158190864462757391LPNoLP" target="_blank" moz-do-not-send="true">https://algomaster99.github.io/</a><br>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>