This is the mail archive of the
java@gcc.gnu.org
mailing list for the Java project.
Re: gcj-security and some issues
Am Don, den 29.04.2004 schrieb Tom Tromey um 01:25:
> Tom> Eventually we'll be able to load multiple .so's via different class
> Tom> loaders. So the mapping would have to be by the particular mapping,
> Tom> not by, say, the .so's inode.
>
> Jakob> hmm interesting. So you mean by that, that one could override the
> Jakob> natClassLoader by some other shared object loader, or how shall I
> Jakob> understand that? How does that affect the CodeSource, I mean the
> Jakob> location doesn't change regardless which class loader is used.
>
> Yeah, good point about CodeSource. It could affect the protection
> domain, however.
>
> The basic idea here is that the class->object mapping can be done
> behind the scenes by the VM -- this is the gcj-jit idea that Andrew
> has been hacking on. It doesn't involve explicit user code knowledge
> of .so loading at all, it is handled automatically.
this is interesting. hmm again protection domain - I think the
protection domain is just determined by the codesource and the according
permissions as of the policy file. I mean if the policies would be more
dynamic this could be an argument, but as the policy gets set once and
independent from the classloader, I don't understand this. but anyways,
this could be a lack of my understanding.
Is there anything I can read abit on.
Btw: got green light to attend the gcc summit, look forward to seeing
your presentation about the new abi there.
> Jakob> setting the ProtectionDomain here is called from withtin the
> Jakob> _Jv_RunMain. Does this mean this gets only done for a executable/shared
> Jakob> object, that calls the RunMain function.
>
> This patch only affects classes that are linked into the executable.
> Classes loaded dynamically already have their protection domain and
> code source set, either by the interpreter code that creates classes,
> or by the code in natSharedLibLoader.cc.
ahh natSharedLibLoader, have overlooked that completly :-)
>
> Jakob> What is the job of the initiated_classes array. Does it contain all
> Jakob> classes that are loaded and usable?
>
> Look in natClassLoader.cc, there is a comment explaining all this
> already.
>
thanks.
Jakob