Linking libgcj, and Java security
Andrew Haley
aph@redhat.com
Tue Dec 3 07:07:00 GMT 2002
We don't link libgcj with the -Bsymbolic option: this means that we
resolve most calls within libgcj dynamically. I suspect this also
means that it's possible for a Java program to replace any method in
libgcj. This may be a security hole.
I don't think this is desirable, and in any case runtime relocation
wastes time and space; the performance gain using -Bsymbolic might be
well worth having.
Before I submit a patch, is there any good reason _not_ to use
-Bsymbolic?
Andrew.
More information about the Java
mailing list