FYI: Manifest reading of JarFile
Tom Tromey
tromey@redhat.com
Sat Feb 8 00:01:00 GMT 2003
>>>>> "Mark" == Mark Wielaard <mark@klomp.org> writes:
Mark> I am committing this to branch and mainline.
Mark> This makes the Eclipse online Update Manager work. I have successfully
Mark> used this to install the WebDav support that was needed for the Sftp
Mark> File Synchronization plugin (which works flawlessly under gij BTW).
Mark> <http://www.klomp.org/eclipse-plugins/org.klomp.eclipse.team.sftp/>
Cool. Thanks for dealing with this.
Mark> Note that we don't actually verify the Manifest entry (and to
Mark> run Eclipse you have to disable the byte code verifier) so this
Mark> is certainly not recommended for loading arbitrary (untrusted)
Mark> classes from the net.
We're still missing a lot of other infrastructure that would make it
possible to download untrusted code. In particular we need to audit
for all SecurityManager checks, we need to audit gnu.* to make sure
that code can't circumvent the type system that way, and we need to
implement stack overflow checking.
Then we also need to find a way to gain confidence in the result.
Lately I've been looking at some of the verifier bugs, not only in gij
but also in gcj. It is a dismal situation. For one thing, sometimes
it is really unclear whether a given program is valid or invalid --
and various versions of the JDK will disagree. Given that most code
out there really is valid, that means that it is even harder to gain
confidence in the correctness of the verifier.
Tom