RFC (round 1), JEP draft: Low-level Object layout introspection methods

Michael Kuhlmann jdk at fiolino.de
Mon Aug 17 15:19:17 UTC 2020

On 8/17/20 4:57 PM, Peter Levart wrote:
> On 8/17/20 2:55 PM, Michael Kuhlmann wrote:
>> ...
>> I don't fully get it. If the idea is that evil attackers shouldn't be 
>> able to read confidential information from Java objects, then adding 
>> a secret offset won't help. You can just create a unique object, e.g. 
>> an array filled with some data, and scan the whole heap for that. 
>> Then you can easily calculate the distance between this and any other 
>> object and read or modify its content.
> Yeah, you can do it if you are evil and have access to Unsafe also. 
> This is not a security concern. It is a concern that otherwise kind 
> people will start abusing the API to code useful programs that will 
> later fail when the information API suddenly starts returning 
> "unknown" values.
> Regards, Peter
True, but when Unsafe is not available any more, you can't do much with 
these numbers at all. Then it doesn't matter if the number if the 
concrete memory address or not, you can't access it anyway except using JNI.

So why adding an offset? It gives the false impression that it could be 
more secure, which is not the case.

Regards, Michael

More information about the jdk-dev mailing list