kaffe sematics of newInstance != jdk1.1.3
Guy Carpenter
guy at bushnet.qld.edu.au
Tue Aug 5 03:58:38 PDT 1997
I've found a difference between kaffe 0.9.1 and jdk1.1.3
which may constitute a security problem in kaffe.
I am loading classes on the fly using a custom class loader
and creating instances with Class.newInstance.
With kaffe I can create an instance of a class in another
package even if the class is not declared public. Sun's jdk
throws an IllegalAccessException when running the same code,
and I believe that is the correct behaviour.
In more detail:
package A uses a class loader to load a .class file which defines a
non-public class in package B.
Package A then calls Class.newInstance() on the newly loaded class.
kaffe creates a new instance of the loaded class, and I can
call instance methods on the newly created object.
OTOH jdk throws an IllegalAccessException and refuses to instantiate the class.
Regards,
Guy.
----------------------------------------------------------------------
Guy Carpenter http://clearwater.com.au
Clearwater Technical Services guy at clearwater.com.au
4 Alamanda Close, Yungaburra, Q 4872 Australia +61 70 953 309
----------------------------------------------------------------------
More information about the kaffe
mailing list