-
Bug
-
Resolution: Fixed
-
P4
-
1.0.2, 1.1, 1.1.1, 1.1.2, 1.1.3
-
1.2beta3
-
generic, x86, sparc
-
generic, solaris_2.4, solaris_2.5, solaris_2.5.1, solaris_2.6, windows_nt
-
Not verified
As a workaround for a javac optimizer bug, the VM disables access checks for
locally loaded classes. This includes accesses to private classes, private/
protected fields and methods.
This VM bug will be trivial to fix once javac optimizer is fixed so that it
no longer generates bad class files. We have to make sure that the fixed VM
won't break too much existing code.
==========================================================================
Another report:
Private members of a class may be accessed by
foreign classes which are compiled against stub
classes with public members of the same name.
    public class Victim {
        private int off_limits = 1;
    }

    public class Attacker
    {
        public static void main(String[] args)
        {
            Victim victim = new Victim();
            System.out.println("victim.off_limits=" + victim.off_limits);
            victim.off_limits = 0;
            System.out.println("victim.off_limits=" + victim.off_limits);
        }
    }

    public class Victim {
        // This is the stub class
        public int off_limits;
    }

(1) compile Attacker with the stub Victim class around.
(2) rename the stub Victim class and compile the real Victim class
(3) run the Attacker with the real Victim class present, and you may read
and write to the off_limits member (variable or function).
==========================================================================
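The three steps of the report above, written as an automated regression check; this is an added example, not code from the bug report or the JDK. It assumes a JDK 11 or later (for `javax.tools` and `Files.writeString`), loads the classes through a `URLClassLoader` rather than from the class path, and uses the hypothetical class name `AccessCheckRegression`; a VM that enforces access checks is expected to throw `IllegalAccessError` when `Attacker` touches the private field.

```java
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;

// Added regression check (hypothetical class name): rebuilds the stub scenario
// from the report and confirms the running VM rejects the private field access.
public class AccessCheckRegression {
    static void compile(JavaCompiler javac, Path dir, String name, String src) throws IOException {
        Path file = dir.resolve(name + ".java");
        Files.writeString(file, src);
        // -cp dir lets Attacker resolve whichever Victim.class is currently on disk
        int rc = javac.run(null, null, null, "-cp", dir.toString(), "-d", dir.toString(), file.toString());
        if (rc != 0) throw new IllegalStateException("compile failed: " + name);
    }

    public static void main(String[] args) throws Exception {
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler(); // null when no compiler is available
        if (javac == null) throw new IllegalStateException("run on a JDK");
        Path dir = Files.createTempDirectory("access-check");

        // (1) compile Attacker against the stub Victim, whose field is public
        compile(javac, dir, "Victim", "public class Victim { public int off_limits; }");
        compile(javac, dir, "Attacker",
            "public class Attacker { public static void main(String[] a) {"
          + " Victim v = new Victim(); v.off_limits = 0; } }");
        // (2) replace the stub with the real Victim, whose field is private
        compile(javac, dir, "Victim", "public class Victim { private int off_limits = 1; }");

        // (3) run the stale Attacker.class against the real Victim.class
        try (URLClassLoader loader = new URLClassLoader(new URL[] { dir.toUri().toURL() }, null)) {
            loader.loadClass("Attacker").getMethod("main", String[].class)
                  .invoke(null, (Object) new String[0]);
            System.out.println("FAIL: private field was written, access checks not enforced");
        } catch (InvocationTargetException e) {
            // Errors raised inside the invoked main arrive wrapped by reflection
            if (!(e.getCause() instanceof IllegalAccessError)) throw e;
            System.out.println("PASS: " + e.getCause());
        }
    }
}
```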
duplicates:
- JDK-4054010 Modification of a private field in another class allowed by 1.1.1 VM. (Closed)
- JDK-4016662 IllegalAccessError is not thrown when a class that was declared public is change (Closed)
- JDK-4060948 access to another package superclass protected constructor is permitted (Closed)
- JDK-4007893 Using private method from another class. (Closed)

relates to:
- JDK-4240383 JCK 1.2.2 and 1.2a Lang tests are failing on trusted mode (Closed)