JDK-4252452

Plugin in trusted mode omits some access control checks


    • 1.3
    • sparc
    • solaris_2.5.1



      Name: dkC59003 Date: 07/08/99



      JVM specification Second edition chapter 5.4.4 "Access Control" reads:

      ...
      A field or method R is accessible to a class or interface D
      if and only if any of the following conditions is true:

          R is public.

          R is protected and is declared in a class C, and D is
          either a subclass of C or C itself.

          R is either protected or package private (that is, neither
          public nor protected nor private), and is declared by a
          class in the same runtime package as D.

          R is private and is declared in D.
      ...

      The following test shows that the plugin allows access from class "BadClass"
      to the private field "buf" in class "test".

      The plugin is run on Solaris, Netscape 4.5, under trusted mode -
      CLASSPATH=/home/akm/test/applet (test.class and BadClass.class are there).

      The bug is not reproduced under untrusted mode.

      Note: the JDK (e.g. 1.3, 1.2.2) behaves the same way without the -Xfuture option.

      ------------------------------- test.java -------------------------------

      import java.applet.*;

      public class test extends Applet {

        private static int buf = 1;

        public void init () {
          try {
            System.out.println(buf);
            BadClass.badMethod();
            System.out.println(buf);
          } catch (Throwable e) {
            System.out.println(e);
          }
        }
      }

      ------------------------------- BadClass.jasm -------------------------------

      class BadClass extends test
      {

        public static Method badMethod:"()V"
          stack 1 locals 0
        {
          iconst_2;
          putstatic Field test.buf:"I";
          return;
        }
      }

      ------------------------------- solApplet.html -------------------------------

      <html>
      <head>
      <title>Test applet</title>
      </head>
      <body>

      <EMBED type=application/x-java-applet
         width=1 height=1
         code=test.class
         java_codebase=/home/akm/test/applet
      >
      </body>
      </html>

      ------------------------------- output -------------------------------

      1
      2

      ======================================================================
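
The JVMS 5.4.4 rule quoted in the report, written out as a reflective check that a resolver is expected to apply before a `putstatic` like the one in BadClass.jasm. This is an added example, not code from the report or from the JDK: `AccessRule`, `isAccessible`, `sameRuntimePackage`, the stand-in class `Target` (for the report's `test`) and its extra fields are hypothetical names, and `getPackageName` assumes Java 9 or later.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;

public class AccessRule {
    // Same runtime package: same defining class loader and same package name.
    static boolean sameRuntimePackage(Class<?> a, Class<?> b) {
        return a.getClassLoader() == b.getClassLoader()
            && a.getPackageName().equals(b.getPackageName());
    }

    // JVMS 5.4.4 as quoted in the report: is member r accessible to class d?
    static boolean isAccessible(Member r, Class<?> d) {
        int mod = r.getModifiers();
        Class<?> c = r.getDeclaringClass();
        if (Modifier.isPublic(mod)) return true;
        // protected: d must be c itself or a subclass of c
        if (Modifier.isProtected(mod) && c.isAssignableFrom(d)) return true;
        // protected or package-private: same runtime package as d
        if (!Modifier.isPrivate(mod) && sameRuntimePackage(c, d)) return true;
        // private: only the declaring class itself
        return Modifier.isPrivate(mod) && c == d;
    }

    public static void main(String[] args) throws Exception {
        Class<?>[] callers = { Target.class, BadClass.class };
        for (String name : new String[] { "buf", "prot", "pkg", "pub" }) {
            Field f = Target.class.getDeclaredField(name);
            for (Class<?> d : callers) {
                System.out.printf("%-8s -> Target.%-4s [%s]: %s%n",
                    d.getSimpleName(), name, Modifier.toString(f.getModifiers()),
                    isAccessible(f, d) ? "allowed" : "IllegalAccessError");
            }
        }
    }
}

// Constructed stand-in for the report's class "test".
class Target {
    private static int buf = 1;
    protected static int prot = 1;
    static int pkg = 1;
    public static int pub = 1;
}

// Constructed stand-in for the report's BadClass, a subclass of the target.
class BadClass extends Target { }
```

Run with `java AccessRule.java`; the only combination the rule denies is `BadClass` touching the private `buf`, which is the access the report's output shows going through.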

      ======================================================================

            jdochezorcl Jerome Dochez (Inactive)
            dkhukhrosunw Dmitry Khukhro (Inactive)