abies at pg.gda.pl
Sat May 24 02:52:55 PDT 1997
On Sat, 24 May 1997, Glynn Clements wrote:
> I've rewritten Kore so that the native method classes now live in
> their respective packages. This avoids having to do any kludges to
> restrict access to them.
Sorry to repeat it again. Maybe I'm boring, but we do need full
compability with sun API, ESPECIALLY at security precautions.
Let repeat process again. Some java browser loads few applet classes from
the net. One of them is java.io.MyFile . It does have unrestricted access
to NativeIO class and all native funs. Security hole.
As you may see, native funs does not throw SecurityExceptions - it is
work for java methods.
Implementing SecurityManager checks in native funs is a duplicate work -
they need to be in java classes anyway - and performance cost.
I do not see a possibilty of doing this trough NativeInterface
classes without breaking compability with specs.
At second thought it seems possible for me to implement SecuritManager
checks ONLY in native funs. I'm just not sure how well would be the
mapping methods od normal SecurityManager created for java classes to
specific native calls (imagine two java methods using two different
security check to access same native function. It isn't a case in 1.1 I
think, but who would guarantee that 5.6 wouldn't have it ?)
More information about the kaffe