URLClassloader and native objects

Sal gcj@svf.dreamhost.com
Sat Jun 12 16:17:00 GMT 2004

• Previous message (by thread): URLClassloader and native objects
• Next message (by thread): URLClassloader and native objects
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

> solibs are currently only loaded locally. 

Can I download a .so, put it local, then have gcj load it via a custom 
classloader somehow? From what I can see the only way is to have the 
object on your classpath, and it must be loaded by the system classloader.
> I don't think its a good 
> idea to make it possible to load them via network. This would open 
> some security holes because native code can't be verified the same 
> way then bytecode can.

Yes the security issue is a big one. I was thinking along some lines of 
having it optional... and/or allowing some hooks to allow the code to be 
verified after it was downloaded. (Kind of like ActiveX signing works... 
though I know the technology has its issues also)
The main problem that I am trying to overcome is that the ability to 
allow a custom classloader to perform the loading of any class is 
important to allow a lot of java applications to function properly.
It seems the java security model requires that any custom classloader 
must be able to load any object in order for that same classloader to 
continue processing future class-load requests from that object. So 
even if we disallow gcj from loading arbitrary native code because of 
security issues, there still needs to be a way for a custom classloader 
to 'tag' native objects as being loaded by itself and not the system.
For example, in gcj if a 'MyClassLoader' delegates to 
'SystemClassLoader' to process a request for a new object (so the native 
object gets used), then 'MyClassLoader' will be denied any future 
ability to process object requests made by that new object. A lot of 
applications only delegate requests to java.* objects... so this isn't 
an issue there, but if you want the custom classloader to reference an 
application-specific object, this is where it all starts to break.
I may be wrong on some of this stuff... I've only been using CCLs with 
gcj for a couple of weeks now.
> We have thought about downloading normal jars and compile them locally 
> to native and use this then. When the remote jar changes its 
> re-downloaded and the game begins from the start.

This is a good idea. However if I'm not mistaken, currently the object 
'loading' will still have to be performed by the System/root 
classloader, as after compile that is the only way to get a native 
object into GCJ.
If you meant that you were considering changing GCJ to allow the 
delegation of native object loading to other classloaders... then that 
would make this possible and solve my problem too.
I would be interested in developing/helping with this feature... is 
there any current effort already started in this direction?
> Michael
> - -- 
> Homepage: http://www.worldforge.org/

Ahh, a fellow worldforger :)
- Sal

---

• Previous message (by thread): URLClassloader and native objects
• Next message (by thread): URLClassloader and native objects
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Java mailing list