a small security issue in the current jdk7 implementation
John Rose
john.r.rose at oracle.com
Wed Apr 20 14:40:50 PDT 2011
Thanks. Will fix by making it non-public. -- John
On Apr 20, 2011, at 1:10 PM, Rémi Forax wrote:
> The class java.lang.invoke.MemberName.Factory is public but should not.
>
> It's not a big issue because the compiler will reject any attempt to access
> to this class because java.lang.invoke.MemberName is package visible and
> any forged code will need to find an instance of this class which is not
> easy.
>
> Rémi
>
>
> _______________________________________________
> mlvm-dev mailing list
> mlvm-dev at openjdk.java.net
> http://mail.openjdk.java.net/mailman/listinfo/mlvm-dev
More information about the mlvm-dev
mailing list