This is the mail archive of the
mauve-patches@sourceware.org
mailing list for the Mauve project.
RE: runFinalization in Classloader.initialize doesn't run on cacao
- From: "Jeroen Frijters" <jeroen at sumatra dot nl>
- To: "Olivier Jolly" <olivier dot jolly at pcedev dot com>
- Cc: <mauve-discuss at sources dot redhat dot com>, "Mauve Patch List" <mauve-patches at sources dot redhat dot com>
- Date: Sat, 11 Mar 2006 22:58:07 +0100
- Subject: RE: runFinalization in Classloader.initialize doesn't run on cacao
Olivier Jolly wrote:
> Ok, I feared something like this. However, the way this test
> is written seems very obscure (to me at least). Could you advise me
why
> is the class loader created with an exception thrown in the
constructor
> and then the reference to the semi-created instance is retrieved in
the
> finalizer. And then I wonder why it then raises SecurityException
> instead of ClassFormatError. I reread about the finalizer semantic and
> the ClassLoader api without finding a clue.
Read http://www.securingjava.com/chapter-five/chapter-five-8.html for a
description of the class loader attack that this is simulating.
Regards,
Jeroen