null ClassLoader

Adam Megacz gcj@lists.megacz.com
Sat Dec 22 00:43:00 GMT 2001


Tom Tromey <tromey@redhat.com> writes:
> Adam> For example, such classes can effectively gain read access to
> Adam> private fields on arbitrary objects -- see
> Adam> java.io.ObjectOutputStream.enableReplaceObject()

> I looked at this. I think that code is incorrect. The spec says we
> need to ask the SecurityManager instead. I'll come up with a patch.

Oh wow, the definition of "trusted" changed from jdk1.1 -> jdk1.2 -- I
work from the 1.1 docs since my code has to run in the
NetscapeVM/MSJVM.

I was actually referring to the definition of "trusted" in the 1.1
docs, but it appears that Sun has (wisely) ditched the "if your
classloader is null you are omnipotent" approach.

So this may all be moot now.
 - a

