[jboss-dev] Refactoring packaging/packages to reduce "signed jar groups"
Adrian Brock
abrock at redhat.com
Thu Feb 25 14:23:33 EST 2010
On Thu, 2010-02-25 at 13:11 -0600, David M. Lloyd wrote:
> My understanding is that if the Packages are not equal, then
> package-protected access checks across JAR boundaries would fail, which is
> what we'd want. I.e. you're strengthening security, not weakening it.
>
> The JVM spec says "Each such class or interface belongs to a single runtime
> package. The runtime package of a class or interface is determined by the
> package name and defining class loader of the class or interface." which I
> take to mean Package object, since Package objects are unique per
> classloader. So you'd have one classloader per JAR with completely
> segregated Package spaces, possibly within the same domain, thus allowing
> individual JARs to be sealed.
>
No. Even if they are in the same physical package, you can't use
package private access across classes defined in
different classloaders.
That used to be an FAQ in early JBoss-3.0.x when every subdeployment
got its own classloader. ;-)
See for example:
http://altair.cs.oswego.edu/pipermail/jsr294-modularity-eg/2009-March/000222.html
discussing and dismissing a proposal to change that rule.
Whether sealing has any other security benefits I don't know?
But I'd be loath to weaken the checking on somebody's **guess** that
it does not. ;-)
> Perhaps I've missed something in the conversation though, it wouldn't be
> the first time.
>
> - DML
--
xxxxxxxxxxxxxxxxxxxxx
Adrian Brock
Chief Scientist
JBoss by Redhat
xxxxxxxxxxxxxxxxxxxxx
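
The runtime-package rule discussed in this thread, as an added example that is not part of the original message: the same two classes of one package are loaded first by a single class loader, then split across two loaders standing in for two JARs, where the package-private call fails with `IllegalAccessError`. The class names `demo.A`, `demo.B` and `RuntimePackageDemo` are constructed for illustration, and the code assumes a JDK 11 or later (it compiles the sample sources at run time).

```java
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;

public class RuntimePackageDemo {
    public static void main(String[] args) throws Exception {
        Path src  = Files.createTempDirectory("src");
        Path all  = Files.createTempDirectory("all");   // both classes, one code source
        Path jarA = Files.createTempDirectory("jarA");  // stands in for the first JAR
        Path jarB = Files.createTempDirectory("jarB");  // stands in for the second JAR
        Path pkg  = Files.createDirectories(src.resolve("demo"));

        // Constructed sample sources: B calls a package-private method of A.
        Files.writeString(pkg.resolve("A.java"),
            "package demo; public class A { static String secret() { return \"ok\"; } }");
        Files.writeString(pkg.resolve("B.java"),
            "package demo; public class B { public static String call() { return A.secret(); } }");

        JavaCompiler javac = ToolProvider.getSystemJavaCompiler(); // null on a bare JRE
        int rc = javac.run(null, null, null, "-d", all.toString(),
            pkg.resolve("A.java").toString(), pkg.resolve("B.java").toString());
        if (rc != 0) throw new IllegalStateException("compilation failed");

        // Split the compiled package across the two stand-in JAR directories.
        Files.createDirectories(jarA.resolve("demo"));
        Files.createDirectories(jarB.resolve("demo"));
        Files.copy(all.resolve("demo/A.class"), jarA.resolve("demo/A.class"));
        Files.copy(all.resolve("demo/B.class"), jarB.resolve("demo/B.class"));

        // Case 1: one defining loader for demo.A and demo.B (one runtime package).
        ClassLoader single = new URLClassLoader(new URL[] { all.toUri().toURL() }, null);
        System.out.println("same loader:       " + invoke(single));

        // Case 2: demo.A defined by la, demo.B defined by lb (two runtime packages).
        ClassLoader la = new URLClassLoader(new URL[] { jarA.toUri().toURL() }, null);
        ClassLoader lb = new URLClassLoader(new URL[] { jarB.toUri().toURL() }, la);
        System.out.println("different loaders: " + invoke(lb));
    }

    // Calls demo.B.call() and reports either its result or the error raised inside it.
    static String invoke(ClassLoader loader) throws Exception {
        try {
            return (String) loader.loadClass("demo.B").getMethod("call").invoke(null);
        } catch (InvocationTargetException e) {
            return e.getCause().getClass().getName();
        }
    }
}
```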