[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hack Java
On Tue, 23 Jan 1996, Rich Salz wrote:
Have you implemented this? If so, I'd be interested to hear how; It
doesn't sound feasible.
>
> Now suppose, I fake a compiler (or I have a malicious compiler)
> and I generate by hand malicious byte code such that
> in the symbol tables, tricky_pointer and data have the same
> offset.
Symbol tables in java class files don't have offsets - they consist of a
list of class_ids, names, and types. Offsets into the class object are
theoretically generated at run time, and are purely internal to the
virtual machine.
The only way to get at the offsets is through the _quick variants, which
are not real java instructions, but placeholders inserted by the Sun
classloader after offsets have been calculated. If the class verifier can be
made to allow _quick instructions through, security disappears - this is
checked for- a hole in this code would be huge.
Simon