-
Bug
-
Resolution: Fixed
-
P2
-
9
-
b169
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8180257 | 10 | Mandy Chung | P2 | Resolved | Fixed | b08 |
The fix for JDK-8017196 has implemented a point fix to disallow MethodHandles.lookup be called by most of the bootstrap code. It is a "Big Hammer" approach to closing that door, because it closes a bunch of harmless doors also. Given the fact that the JDK code does not use MHs.lookup() at present, it is an acceptable point fix.
The goal is to prevent invocation by uncontrolled jlr.Method.invoke of MethodHandles.lookup.
The point fix is fragile. It forces people who want to use it later (like the code in sun.invoke.util does) to add a string manually to the white list logic, adding a new set of (minor) risks.
There is no harm in having random JDK code (outside of the MH implementation itself) call MHs.lookup. Or rather, the harm would consist of the JDK code doing something really dumb, which is returning the Lookup object (with all its capabilities) to an untrusted caller. That would be bad but it is unlikely to occur.
We should make the restriction apply to jlr.Method.invoke only. John has an initial prototype (attached).
The goal is to prevent invocation by uncontrolled jlr.Method.invoke of MethodHandles.lookup.
The point fix is fragile. It forces people who want to use it later (like the code in sun.invoke.util does) to add a string manually to the white list logic, adding a new set of (minor) risks.
There is no harm in having random JDK code (outside of the MH implementation itself) call MHs.lookup. Or rather, the harm would consist of the JDK code doing something really dumb, which is returning the Lookup object (with all its capabilities) to an untrusted caller. That would be bad but it is unlikely to occur.
We should make the restriction apply to jlr.Method.invoke only. John has an initial prototype (attached).
- backported by
-
JDK-8180257 Apply the restriction of invoking MethodHandles.lookup to j.l.r.Method.invoke
-
- Resolved
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- links to
