This week's book giveaway is in the Testing forum.
We're giving away four copies of Data Structures the Fun Way: An Amusing Adventure with Coffee-Filled Examples and have Jeremy Kubica on-line!
See this thread for details.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Devaka Cooray
  • Ron McLeod
  • paul wheaton
Saloon Keepers:
  • Tim Moores
  • Piet Souris
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Frits Walraven
  • Scott Selikoff

Bytecode Manipulation of JRE Classes

 
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi. I'm using the tool javassist to do some bytecode manipulation of some class files. I would like to manipulate the code of java.lang.Thread, but the problem is I don't know the source I want to inject until after it is already loaded by the classloader. The code I inject depends on some custom classes that get loaded once my application starts. Is there a way to inject the code into the java.lang.Thread class after it has already been loaded by the classloader? Thanks.
 
Sheriff
Posts: 22701
129
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I sure hope not. If so, this would be a MAJOR security leak!

Imagine running the JVM, thinking nothing is wrong, until all of a sudden some malicious code edits the byte code of Thread, or even worse, Object, to execute some code you don't want.

That would be a total disaster for Java, as nobody would trust it anymore.
 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't think it's possible, because once a class is loaded, it can't be reloaded by the same classloader.

I don't see it as a security risk, since any untrusted code should be run with a security manager, which would disallow this kind of manipulation.

In code running without a security manager it's anyway possible to subvert various security measures using reflection.
 
Yeah, but is it art? What do you think tiny ad?
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic