RFC (round 1), JEP draft: Low-level Object layout introspection methods
jdk at fiolino.de
Mon Aug 17 15:19:17 UTC 2020
On 8/17/20 4:57 PM, Peter Levart wrote:
> On 8/17/20 2:55 PM, Michael Kuhlmann wrote:
>> I don't fully get it. If the idea is that evil attackers shouldn't be
>> able to read confidential information from Java objects, then adding
>> a secret offset won't help. You can just create a unique object, e.g.
>> an array filled with some data, and scan the whole heap for that.
>> Then you can easily calculate the distance between this and any other
>> object and read or modify its content.
> Yeah, you can do it if you are evil and have access to Unsafe also.
> This is not a security concern. It is a concern that otherwise kind
> people will start abusing the API to code useful programs that will
> later fail when the information API suddenly starts returning
> "unknown" values.
> Regards, Peter
True, but when Unsafe is not available any more, you can't do much with
these numbers at all. Then it doesn't matter if the number is the
concrete memory address or not, you can't access it anyway except using JNI.
So why add an offset? It gives the false impression that it could be
more secure, which is not the case.