• Post Reply Bookmark Topic Watch Topic
  • New Topic

Bytecode Manipulation of JRE Classes  RSS feed

 
Jeff Storey
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi. I'm using the tool javassist to do some bytecode manipulation of some class files. I would like to manipulate the code of java.lang.Thread, but the problem is I don't know the source I want to inject until after it is already loaded by the classloader. The code I inject depends on some custom classes that get loaded once my application starts. Is there a way to inject the code into the java.lang.Thread class after it has already been loaded by the classloader? Thanks.
 
Rob Spoor
Sheriff
Posts: 21135
87
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I sure hope not. If so, this would be a MAJOR security leak!

Imagine running the JVM, thinking nothing is wrong, until all of a sudden some malicious code edits the byte code of Thread, or even worse, Object, to execute some code you don't want.

That would be a total disaster for Java, as nobody would trust it anymore.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think it's possible, because once a class is loaded, it can't be reloaded by the same classloader.

I don't see it as a security risk, since any untrusted code should be run with a security manager, which would disallow this kind of manipulation.

In code running without a security manager it's anyway possible to subvert various security measures using reflection.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!