Reminder: Illegal Package-Private Accesses in libgcj
Bryce McKinlay
bryce@mckinlay.net.nz
Mon Nov 3 06:25:00 GMT 2003
On Nov 3, 2003, at 5:59 PM, David Daney wrote:

> Ranjit Mathew wrote:
>
>> But Bryce wants to avoid having to call backtrace( )
>> and use libgcc's unwinder interface instead and hence
>> my query.
>>
>> Ranjit.
>
> Well you probably already know this, but a few weeks ago I added
> libjava/sysdep/dwarf2-backtrace.cc which as its name implies generates
> a backtrace via the libgcc unwinder. However as was noted earlier,
> this is of little use when the eh_frame info is not available.
>
> It seems to me that if there is no other way to get a backtrace than
> using -fno-omit-framepointer and walking the stack, then that is what
> you have to do.
>
> The alternative is to not be able to get a stack trace, which implies
> that much of the java security infrastructure will not work.

There's actually a bit more required than just a simple backtrace to get
the security stuff right. We also need the entry point of the function,
in order to match it up with a java.lang.Class and _Jv_Method, and the
libgcc unwinder conveniently gives us this. Using something like
dladdr() and demangling the function name is an alternative approach,
and the existing code does that, but it seems fragile and isn't correct
from the security perspective - for example someone could simply call
their class java.lang.Whatever and get elevated privileges.

Regards

Bryce.
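
The entry-point matching described in the reply above, as an added example that is not part of the original message or of libgcj: it walks the stack with the libgcc unwinder, takes each frame's function entry point from `_Unwind_GetRegionStart`, and looks it up in a table the runtime filled itself, beside a name-prefix check of the kind the message calls fragile. `struct method_rec`, the table, both methods and all function names are constructed stand-ins for the `java.lang.Class`/`_Jv_Method` records, and the program assumes unwind (eh_frame) information is present.

```c
#include <stdint.h>
#include <string.h>
#include <unwind.h>

/* Constructed stand-in for the runtime's method table: entry point, class
   name, and the trust the runtime assigned when it loaded the code. */
struct method_rec { uintptr_t entry; const char *class_name; int trusted; };
static struct method_rec table[4];
static int n_methods;
const struct method_rec *seen_in_system, *seen_in_spoof;

/* Fragile check: trusts whatever class name was recovered for the frame. */
int trusted_by_name(const char *class_name) {
    return strncmp(class_name, "java.lang.", 10) == 0;
}

/* Unwinder callback: stop at the first frame whose function entry point
   (region start) is a registered method. */
static _Unwind_Reason_Code match_frame(struct _Unwind_Context *ctx, void *out) {
    uintptr_t start = (uintptr_t)_Unwind_GetRegionStart(ctx);
    for (int i = 0; i < n_methods; i++)
        if (table[i].entry == start) {
            *(const struct method_rec **)out = &table[i];
            return _URC_END_OF_STACK;  /* any code but _URC_NO_REASON ends the walk */
        }
    return _URC_NO_REASON;
}

/* Record of the nearest registered method on the stack, or NULL. */
__attribute__((noinline)) const struct method_rec *calling_method(void) {
    const struct method_rec *found = NULL;
    _Unwind_Backtrace(match_frame, &found);
    return found;
}

/* Two constructed "methods"; the second is untrusted code that merely
   picked a java.lang name. Storing the result keeps a real frame. */
__attribute__((noinline)) void system_method(void) { seen_in_system = calling_method(); }
__attribute__((noinline)) void spoof_method(void)  { seen_in_spoof = calling_method(); }

/* Register both methods by entry point, then call each. */
void run_demo(void) {
    n_methods = 0;
    table[n_methods++] = (struct method_rec){ (uintptr_t)system_method, "java.lang.System", 1 };
    table[n_methods++] = (struct method_rec){ (uintptr_t)spoof_method, "java.lang.Whatever", 0 };
    system_method();
    spoof_method();
}
int main(void) { run_demo(); return !(seen_in_spoof && !seen_in_spoof->trusted); }
```

The name check accepts `java.lang.Whatever`, while the record found through the entry point carries the trust level assigned at registration, whatever the class is called.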