Questions on deprivileging a module
Remi Forax
forax at univ-mlv.fr
Tue Jul 5 08:03:55 UTC 2016
The other solution is to use a VarHandle instead of Unsafe for setting the final field,
i don't think that letting unprivileged module to access to Unsafe is a good idea.
cheers,
Rémi
----- Mail original -----
> De: "Alan Bateman" <Alan.Bateman at oracle.com>
> À: "Wang Weijun" <weijun.wang at oracle.com>
> Cc: "jigsaw-dev" <jigsaw-dev at openjdk.java.net>, "OpenJDK" <security-dev at openjdk.java.net>
> Envoyé: Mardi 5 Juillet 2016 09:56:35
> Objet: Re: Questions on deprivileging a module
>
> On 05/07/2016 08:15, Wang Weijun wrote:
>
> > :
> > It's a runtime error.
> >
> > @CallerSensitive
> > public static Unsafe getUnsafe() {
> > Class<?> caller = Reflection.getCallerClass();
> > if (!VM.isSystemDomainLoader(caller.getClassLoader()))
> > throw new SecurityException("Unsafe"); <<<<<< The exception thrown
> > return theUnsafe;
> > }
> >
> > Just tried the one in jdk.unsupported, same error.
> >
> Okay, maybe this restriction in jdk.internal.misc.Unsafe needs to
> relaxed. For now then I assume you can read Unsafe.theUnsafe which is
> how user code typically gets it.
>
> -Alan.
>
More information about the jigsaw-dev
mailing list