RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v3]

Mandy Chung mchung at openjdk.java.net
Thu Apr 29 18:20:53 UTC 2021

On Thu, 29 Apr 2021 10:31:29 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

> I think I expect that, with caller sensitive, it is possible from a client in an "enabled" module to obtain a MethodHandle, and then pass it to an unprivileged module, which then calls it, and works ok. This matches my expectation (this trick could be used also to give a client access to an otherwise inaccessible - in the classic sense - method).
> So, when working with method handles, I'm completely fine working with the lookup class as context (and not with the real caller class).

Good, this matches the behavior of method handles for CSMs.   However, I think the implementation does the opposite since we don't support interface method being CSM.  Can you test that out?

> Given all this, do you agree that current checks are not affected by interface-ness of some of the methods involved?

I think the implementation does not support that.   I will also need to look into how this impacts JDK-8266010.  As I suggest earlier, I'm fine to do this as a follow up after integration.


PR: https://git.openjdk.java.net/jdk/pull/3699

More information about the security-dev mailing list