Replacement for sun.misc.Unsafe.allocateInstance(Class<?>) ?

Florian Weimer fweimer at
Sat Aug 1 22:38:33 UTC 2015

On 08/01/2015 10:57 AM, Andrew Haley wrote:

> However, the security problems are great. I haven't heard any
> suggestion about how to expose this feature to user-created libraries
> without breaking Java security, and I suspect there may be none.

Are the problems greater than those of general reflection after
setAccessible(true)?  I don't think so.  I think the main objection
would be philosophical (against adding yet more trapdoors).  I respect
that—but at the same time, there does not seem to be a core technical
requirement why a suitable API with a proper permission check could not
be added to the JDK.

Florian Weimer / Red Hat Product Security

More information about the core-libs-dev mailing list