Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8020801

Apply the restriction of invoking MethodHandles.lookup to j.l.r.Method.invoke

    XMLWordPrintable

    Details

      Backports

        Description

        The fix for JDK-8017196 has implemented a point fix to disallow MethodHandles.lookup be called by most of the bootstrap code. It is a "Big Hammer" approach to closing that door, because it closes a bunch of harmless doors also. Given the fact that the JDK code does not use MHs.lookup() at present, it is an acceptable point fix.

        The goal is to prevent invocation by uncontrolled jlr.Method.invoke of MethodHandles.lookup.

        The point fix is fragile. It forces people who want to use it later (like the code in sun.invoke.util does) to add a string manually to the white list logic, adding a new set of (minor) risks.

        There is no harm in having random JDK code (outside of the MH implementation itself) call MHs.lookup. Or rather, the harm would consist of the JDK code doing something really dumb, which is returning the Lookup object (with all its capabilities) to an untrusted caller. That would be bad but it is unlikely to occur.

        We should make the restriction apply to jlr.Method.invoke only. John has an initial prototype (attached).

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mchung Mandy Chung
                Reporter:
                mchung Mandy Chung
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: