• Post Reply Bookmark Topic Watch Topic
  • New Topic

Malicious use of ThreadDeath?  RSS feed

 
Jon Camilleri
Ranch Hand
Posts: 664
Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is it possible for a malicious coder to use Thread.stop, or throw ThreadDeath objects to terminate existing processes on a computer? How?
How does Java securely monitor Threads and develop ownership of control of running threads?

Articles and tutorials on the subject would be appreciated.

Related links
1. Java Thread Primitive Deprecated
2. ThreadDeath
 
Henry Wong
author
Sheriff
Posts: 23295
125
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, the Thread.stop() method only affects threads within the same JVM -- it doesn't affect "other processes".

Second, this call does go through the security manager, so there is some protection from components in the same web or application server. Regardless, if a malicious component got into the application server, security has already been been violated -- ie. your time is probably better spent to enforce security to keep the bad guys out, than to enforce security to keep the bad guys from doing bad things.

Henry
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!