Replacement of sun.reflect.Reflection#getCallerClass
David M. Lloyd
david.lloyd at redhat.com
Wed Sep 18 15:21:47 UTC 2013
On 09/03/2013 12:16 PM, Peter Levart wrote:
> *AND* that Reflection.getCallerClass() can only be called from within
> methods annotated with @CallerSensitive.
> Now for that part, the public API equivalent
> (StackTraceFrame.getCallerClass() or whatever it is called) need not
> be restricted to methods annotated with any annotation, but that
> means that this public API should not be used to implement security
> decisions since MethodHandles API allows caller to be spoofed unless
> looking-up a method annotated with @CallerSensitive...
Peter, can you please elaborate on this a bit? I could find nothing in
the MethodHandles API or its associated classes that would seem to give
the ability to call another method with a spoofed caller. Yes you can
set up a Lookup for another class but I don't see how that would affect
the ability of (say) a security manager to make access decisions based
on the call stack/class context?
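To make the distinction in the thread concrete, here is an added Java example (not code from either poster or from the JDK) of an access check built on the public caller-class API that JDK 9 later shipped as StackWalker.getCallerClass(). The CallerGate class, its allow-list and the Trusted/Untrusted callers are assumptions for illustration; the final block reaches the guarded method through a MethodHandle, which is exactly the path whose observed caller the thread is asking about, so the code reports what the check sees rather than asserting an answer.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.util.Set;

// Added illustration: an access decision taken from the immediate caller's class,
// using the public StackWalker API rather than the internal Reflection.getCallerClass().
public final class CallerGate {

    // Hypothetical allow-list of classes permitted to call privileged().
    private static final Set<String> ALLOWED = Set.of("CallerGate$Trusted");

    // RETAIN_CLASS_REFERENCE is required for getCallerClass() to be usable.
    private static final StackWalker WALKER =
        StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

    public static String privileged() {
        // The class of the frame directly above this one. Unlike the internal
        // Reflection.getCallerClass(), no @CallerSensitive contract applies here.
        Class<?> caller = WALKER.getCallerClass();
        if (!ALLOWED.contains(caller.getName())) {
            throw new SecurityException("denied: caller is " + caller.getName());
        }
        return "granted: caller is " + caller.getName();
    }

    static final class Trusted {
        static String go() { return privileged(); }
    }

    static final class Untrusted {
        static String go() { return privileged(); }
    }

    private static void attempt(String label, Invocation inv) {
        try {
            System.out.println(label + " -> " + inv.run());
        } catch (SecurityException e) {
            System.out.println(label + " -> " + e.getMessage());
        } catch (Throwable t) {
            System.out.println(label + " -> unexpected: " + t);
        }
    }

    @FunctionalInterface
    interface Invocation { String run() throws Throwable; }

    public static void main(String[] args) throws Throwable {
        // Direct calls: the caller seen by the check is the class containing go().
        attempt("direct from Trusted  ", Trusted::go);
        attempt("direct from Untrusted", Untrusted::go);

        // Indirect call through a method handle looked up by this class. Which class
        // the check observes as the caller on this path is the question raised in the
        // thread; a design that relies on such a check must be reviewed against it.
        MethodHandle mh = MethodHandles.lookup().findStatic(
            CallerGate.class, "privileged", MethodType.methodType(String.class));
        attempt("via MethodHandle     ", () -> (String) mh.invokeExact());
    }
}
```

Compile and run with a JDK 9 or newer (`javac CallerGate.java && java CallerGate`). The first two lines show the check behaving as intended for direct callers; the third line is the one to inspect when deciding whether a check of this kind is safe to base a security decision on, which is the caveat Peter raises and David is asking to have spelled out.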