This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug libgcj/20704] CNI code is called/loaded without any security checks
- From: "mckinlay at redhat dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 31 Mar 2005 19:01:33 -0000
- Subject: [Bug libgcj/20704] CNI code is called/loaded without any security checks
- References: <20050331170515.20704.mark@gcc.gnu.org>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Additional Comments From mckinlay at redhat dot com 2005-03-31 19:01 -------
I'm not sure that this should really be considered a bug. loadLibrary() must
obviously be a privileged function because arbritary code could be loaded by
calling it (possibly from an insecure context), but having/calling a CNI method
does not in itself cause anything to be loaded. A CNI method implementation must
already be loaded by being explicitly linked into an application binary.
To put it another way: is there a way that insecure bytecode can actually turn
this into an exploit?
Perhaps some kind of validity check is needed at link time to ensure that native
method declarations in insecure code do not link against an inappropriate native
method (for example, make sure that insecure classes cannot call themselves
gnu.foo.Whatever and get linked to a private CNI method implementation in
another class of the same name).
In any case, checking the loadLibrary permission is the wrong approach because
there is no library actually being loaded. The correct behaviour would be to
simply not link the method if something isn't right, resulting in an
UnsatisfiedLinkError.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20704