kaffe sematics of newInstance != jdk1.1.3

Guy Carpenter guy at bushnet.qld.edu.au
Tue Aug 5 03:58:38 PDT 1997


I've found a difference between kaffe 0.9.1 and jdk1.1.3
which may constitute a security problem in kaffe.

I am loading classes on the fly using a custom class loader
and creating instances with Class.newInstance.

With kaffe I can create an instance of a class in another
package even if the class is not declared public.  Sun's jdk
throws an IllegalAccessException when running the same code,
and I believe that is the correct behaviour.

In more detail:

package A uses a class loader to load a .class file which defines a
non-public class in package B.

Package A then calls Class.newInstance() on the newly loaded class.

kaffe creates a new instance of the loaded class, and I can
call instance methods on the newly created object.

OTOH jdk throws an IllegalAccessException and refuses to instantiate the class.

Regards,
Guy.

----------------------------------------------------------------------
Guy Carpenter                                 http://clearwater.com.au
Clearwater Technical Services                    guy at clearwater.com.au
4 Alamanda Close, Yungaburra, Q 4872 Australia          +61 70 953 309
----------------------------------------------------------------------



More information about the kaffe mailing list