This is the mail archive of the
mauve-discuss@sourceware.org
mailing list for the Mauve project.
Re: runFinalization in Classloader.initialize doesn't run on cacao
- From: Olivier Jolly <olivier dot jolly at pcedev dot com>
- To: Jeroen Frijters <jeroen at sumatra dot nl>
- Cc: mauve-discuss at sources dot redhat dot com, Mauve Patch List <mauve-patches at sources dot redhat dot com>
- Date: Sat, 11 Mar 2006 23:18:48 +0100
- Subject: Re: runFinalization in Classloader.initialize doesn't run on cacao
- References: <D92197D0A6547B44A1567814F851FA681805CA@LEMBU.sumatrasoftware.com>
Jeroen Frijters a écrit :
>Olivier Jolly wrote:
>
>
>>Ok, I feared something like this. However, the way this test
>>is written seems very obscure (to me at least). Could you advise me
>>
>>
>why
>
>
>>is the class loader created with an exception thrown in the
>>
>>
>constructor
>
>
>>and then the reference to the semi-created instance is retrieved in
>>
>>
>the
>
>
>>finalizer. And then I wonder why it then raises SecurityException
>>instead of ClassFormatError. I reread about the finalizer semantic and
>>the ClassLoader api without finding a clue.
>>
>>
>
>Read http://www.securingjava.com/chapter-five/chapter-five-8.html for a
>description of the class loader attack that this is simulating.
>
>
>
Okey, it does make perfect sense now. Thanks for the test and the info.
If you don't mind, I'll add comments to your testlet and link to this url.
And, then, we don't have any test which checks ClassLoader.getPackages
behaviour, I'm getting on this.
>Regards,
>
>
Thanks again, take care
>Jeroen
>
>
+Olivier