Class loaders, etc
Godmar Back
gback at cs.utah.edu
Sun Aug 23 18:08:51 PDT 1998
Hi Archie,
>
> In particular, does kaffe support the new 1.2 security checking model?
No.
> Eg.:
>
> - Does kaffe differentiate between (and support simultaneous instances
> of) two classes loaded via different class loader instances?
Yes. Except for the security part, class loaders work just fine.
>
> - Does kaffe maintain a set of constraints to prevent the security
> exploit described in the paper?
No. Kaffe's classloader mechanism is broken in the same way other 1.1
loaders are.
>
> Also, what's the state of byte-code verification in kaffe.. and is
> anyone actively working on this?
I do not know, but I agree it needs to be done. Before fixing class loaders,
I think the first step will be to implement elementary security checks, such
as honoring private and protected.
- Godmar
More information about the kaffe
mailing list