[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack Java

To: Rich Salz <[email protected]>
Subject: Re: Hack Java
From: Simon Spero <[email protected]>
Date: Tue, 23 Jan 1996 11:18:24 -0800 (PST)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Tue, 23 Jan 1996, Rich Salz wrote:

Have you implemented this? If so, I'd be interested to hear how; It 
doesn't sound feasible.
> 
> Now suppose, I fake a compiler (or I have a malicious compiler)
> and I generate by hand malicious byte code such that
> in the symbol tables, tricky_pointer and data have the same
> offset.

Symbol tables in java class files don't have offsets - they consist of a 
list of class_ids, names, and types. Offsets into the class object are 
theoretically generated at run time, and are purely internal to the 
virtual machine. 

The only way to get at the offsets is through the _quick variants, which 
are not real java instructions, but placeholders inserted by the Sun 
classloader after offsets have been calculated. If the class verifier can be
made to allow _quick instructions through, security disappears - this is 
checked for- a hole in this code would be huge.

Simon

References:
- Hack Java
  - From: Rich Salz <[email protected]>

Prev by Date: Motorola Cordless Secure Clear Telephone
Next by Date: No Subject
Prev by thread: Re: Hack Java
Next by thread: Re: Hack Java
Index(es):
- Date
- Thread