JEP 411, removal of finalizers, a path forward.

Alan Bateman Alan.Bateman at oracle.com
Sat Jul 31 07:35:06 UTC 2021


On 31/07/2021 04:04, Peter Firmstone wrote:
>
> Alan has advised when finalizers are removed, it will be practical to 
> use Agents to instrument public API to implement an authorization 
> layer, this is try, so can it be coordinated with JEP 411 et al?
>
Our exchange was about instrumenting constructors that specify SM 
permission checks and where the classes that define these constructors 
have been hardened to thwart finalizer attacks. It wasn't a comment on 
the bigger question on how practical it is to instrument the 
entire JDK. Once you get further on then I assume a big challenge will 
be with APIs that separate the interface and implementation (think 
factory methods, APIs that define service provider interfaces ...). Here 
I expect you will want to instrument the implementation classes. Going 
deeper, you may find places where the SM check isn't on method entry but 
instead after defensive copying of mutable parameters or after acquiring 
a lock that prevents mutation while doing a security sensitive operation. 
So non-trivial but a fun approach to explore. If you have the cycles 
then pick a version and try it. That will give you a sense on how much 
effort may be required to keep up and be confident that every 
interesting code path is covered.

-Alan
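
The two check placements mentioned in the message above, sketched as an added example that is not part of the original e-mail and is not JDK code: a constructor hardened against finalizer attacks, and a check that sits after a defensive copy rather than on method entry. The class `CheckPlacement`, its members and the `demo.deny` property are hypothetical, and `check` is a stand-in for an SM-style permission check.

```java
import java.util.Arrays;

// Added illustration; every name here is hypothetical, not JDK code.
public final class CheckPlacement {

    // Stand-in for an SM-style permission check (assumption).
    static void check(String action) {
        if (Boolean.getBoolean("demo.deny")) {
            throw new SecurityException("denied: " + action);
        }
    }

    // Pattern 1: hardened constructor. The check runs while evaluating the
    // argument to this(...), before Object's constructor has completed, so a
    // failed check leaves no object for a subclass finalizer to resurrect.
    static class Guarded {
        public Guarded() { this(preCheck()); }
        private Guarded(Void checked) { }
        private static Void preCheck() { check("create"); return null; }
    }

    // Pattern 2: check after a defensive copy. A check inserted at method
    // entry would validate the caller's array, which the caller can still
    // mutate; the check must sit after the copy and read the copy.
    static String[] open(String[] names) {
        String[] copy = names.clone();
        for (String n : copy) { check("open:" + n); }
        return copy; // only the checked copy is used from here on
    }

    public static void main(String[] args) {
        String[] names = { "a.txt", "b.txt" };   // constructed sample input
        String[] used = open(names);
        names[0] = "changed-after-check";         // does not affect the copy
        System.out.println(Arrays.toString(used));
        new Guarded();                            // allowed by default
        System.setProperty("demo.deny", "true");
        try {
            new Guarded();
        } catch (SecurityException e) {
            System.out.println("constructor rejected: " + e.getMessage());
        }
    }
}
```

An agent that replaces these checks has to insert its own check at the same points: inside the argument evaluation for pattern 1 and after the `clone()` for pattern 2.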




