AccessibleObject.setAccessible() backward compatibility

Tim Boudreau niftiness at
Fri Sep 11 20:14:56 UTC 2015

> >> If the implementation of MethodHandle uses setAccessible() (I don't know
> >> its internals), then this Java 0day would qualify:
> >
> > It does not as far as I know.
> > It's the opposite, if you want to bypass the security sandbox with a
> MethodHandle,
> > you have to use reflection + setAccessible and then use
> Lookup.unreflect*().

Point taken.

Regardless, if one of the problems we want to solve here is security
related, then having a security sandbox you really can't bypass, even
reflectively, is not a bad idea at all.


More information about the jpms-spec-observers mailing list