From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 3360 invoked by alias); 11 Mar 2006 21:58:16 -0000 Received: (qmail 3344 invoked by uid 22791); 11 Mar 2006 21:58:16 -0000 X-Spam-Check-By: sourceware.org Received: from 62-177-154-238.static.bbeyond.nl (HELO lembu.sumatrasoftware.com) (62.177.154.238) by sourceware.org (qpsmtpd/0.31) with ESMTP; Sat, 11 Mar 2006 21:58:13 +0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: runFinalization in Classloader.initialize doesn't run on cacao Date: Sat, 11 Mar 2006 21:58:00 -0000 Message-ID: From: "Jeroen Frijters" To: "Olivier Jolly" Cc: , "Mauve Patch List" X-IsSubscribed: yes Mailing-List: contact mauve-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: mauve-discuss-owner@sourceware.org X-SW-Source: 2006-q1/txt/msg00060.txt.bz2 Olivier Jolly wrote: > Ok, I feared something like this. However, the way this test=20 > is written seems very obscure (to me at least). Could you advise me why > is the class loader created with an exception thrown in the constructor > and then the reference to the semi-created instance is retrieved in the > finalizer. And then I wonder why it then raises SecurityException > instead of ClassFormatError. I reread about the finalizer semantic and > the ClassLoader api without finding a clue. Read http://www.securingjava.com/chapter-five/chapter-five-8.html for a description of the class loader attack that this is simulating. Regards, Jeroen