Class loaders, etc

Archie Cobbs archie at
Sat Aug 22 15:41:27 PDT 1998

I'm curious how close the kaffe class loader is to the latest definition
of what a class loader should be, described in:

In particular, does kaffe support the new 1.2 security checking model?

  - Does kaffe differentiate between (and support simultaneous instances
    of) two classes loaded via different class loader instances?

  - Does kaffe maintain a set of constraints to prevent the security
    exploit described in the paper?

>From the looks of it, the answer is not yet.

Also, what's the state of byte-code verification in kaffe.. and is
anyone actively working on this?

More generally, this is not to complain about what's not done yet,
but rather to gather an explicit list of what work remains in the
domains of class loading, class verification, class loading security
issues, and determine what plans there are (if any) for addressing
these issues, etc.

These issues are important not only for web browsers, but also for
web servers that run Servelets, etc. Different servelets can load
different classes with the same name, etc.


Archie Cobbs   *   Whistle Communications, Inc.  *

More information about the kaffe mailing list