glynn at sensei.co.uk
Sat May 24 08:47:41 PDT 1997
Artur Biesiadowski wrote:
> Let's repeat the process again. Some Java browser loads a few applet classes from
> the net. One of them is java.io.MyFile. It does have unrestricted access
> to NativeIO class and all native funs. Security hole.
This assumes that the checkPackageDefinition() method of the current
SecurityManager permits classes to be defined in java.*.
Alternatively, the kore-0.0.2 approach of having the native methods in
a separate package allows access to be restricted via the
checkPackageAccess() method of SecurityManager.
This isn't an issue for locally defined classes, as they can add their
own native methods anyway.
Unless SecurityManager objects are required to be portable between
implementations, I would argue for either:
1. Put native methods in their own package (as in kore-0.0.2) and use
SecurityManager.checkPackageAccess() to restrict access to them, or
2. Put native methods in non-public classes within the appropriate
java.* packages and use SecurityManager.checkPackageDefinition() to
prevent downloaded classes from being defined in java.*.
BTW, does anyone know whether existing Java-enabled browsers permit
applets to define classes in java.*?
Glynn Clements <glynn at sensei.co.uk>
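
The two options from the message above, written as one SecurityManager subclass; this is an added example, not code from the post, kaffe or kore. The package name `kore.nativeio`, the class name and the rule for what counts as a downloaded class are assumptions made for illustration.

```java
import java.security.Permission;

// Added example, not from the original message. The class name and the
// package "kore.nativeio" are hypothetical.
@SuppressWarnings({"removal", "deprecation"})
public class NativeGuardSecurityManager extends SecurityManager {
    // Option 1: hypothetical package that holds the native-method classes.
    private static final String NATIVE_PKG = "kore.nativeio";

    // Assumption: a class counts as downloaded when its defining loader is
    // neither the bootstrap loader (null) nor the loader of this manager.
    private boolean downloadedCodeOnStack() {
        ClassLoader own = NativeGuardSecurityManager.class.getClassLoader();
        for (Class<?> c : getClassContext()) {
            ClassLoader cl = c.getClassLoader();
            if (cl != null && cl != own) {
                return true;
            }
        }
        return false;
    }

    // Match the package itself and its subpackages, but not "javax" for "java".
    private static boolean inPackage(String pkg, String root) {
        return pkg.equals(root) || pkg.startsWith(root + ".");
    }

    // Option 1: downloaded code may not reach the native-method package.
    // Trusted callers can hit this check too, so the stack decides.
    @Override
    public void checkPackageAccess(String pkg) {
        if (inPackage(pkg, NATIVE_PKG) && downloadedCodeOnStack()) {
            throw new SecurityException("access denied to package " + pkg);
        }
    }

    // Option 2: no loader that consults the manager may define java.* classes.
    // The bootstrap loader never asks, so local system classes are unaffected.
    // Effective only if the class loader calls this before defineClass().
    @Override
    public void checkPackageDefinition(String pkg) {
        if (inPackage(pkg, "java")) {
            throw new SecurityException("cannot define class in " + pkg);
        }
    }

    // Every other check is allowed so the example isolates the two hooks.
    @Override
    public void checkPermission(Permission perm) { }
}
```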