
Java - Inner Classes opening a backdoor to Parent Class

I was going through some JVM Bytecode articles when I came across this video which shows how Inner Classes open up a backdoor into the parent scope, which could be exploited? (not sure, maybe it could be?)

Here's my test code.

public class Outer {

    private String name = "You got me!";

    public class Inner {
        public void printName() {
            System.out.println(name);
        }
    }

    public static void main(String[] args) {

        Outer o = new Outer();
        Inner i =  o.new Inner();
        i.printName();
    }
}

Now, to see if such a backdoor method was being created, I used javap to look into the class files.

Here is the result; see the printName method.

[Image: ByteCode for the printName method]

See line 7: you will see the invokestatic call to Outer.access$0.

Looking into the Outer.class we see the definition of the method.

[Image: Backdoor method definition]

Is this a security vulnerability? Can it be exploited? I am just curious to know more on this.

There is no direct support for nested classes at the bytecode level, so each nested class in the Java source has to be compiled to a separate classfile. Effectively, they are completely separate, ordinary classes with some extra metadata for reflection purposes. When you access a member of the parent, the nested class needs to have access to that parent.

Normally, this is not a problem, but private members are only accessible within the class where they are defined, and hence not to the inner class. The compiler solves this by creating a bridge method that effectively changes the access level to package private.

This is a well-documented phenomenon. Is it a security vulnerability? Not unless you are doing something very odd. Relying on Java's in-process sandbox is a bad idea if you care about security. But if you're working on a project that does this anyway, then yes, this is one on a long list of gotchas that you have to be aware of while coding the sandbox.

As you can note, the synthetic accessor method has package-private access. Thus, when a security manager is active, you cannot access it via reflection. Using MethodHandles.lookup you can access it from the same package only.
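
A defensive check for the accessor described in the answers above, as an added example that is not part of the original question or answers: it lists the synthetic static methods a compiler added to a class, with their visibility. The nested Outer/Inner pair is a constructed copy of the question's code; when compiled for Java 11 or later, nest-based access control (JEP 181) means the compiler emits no accessor and the list is empty.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

// Added example: audits a class for compiler-generated (synthetic) accessor
// methods such as the Outer.access$0 discussed on this page.
public class SyntheticAccessorAudit {

    // Constructed sample mirroring the question's Outer/Inner pair.
    static class Outer {
        private String name = "You got me!";

        class Inner {
            String readName() {
                return name; // private field read from a separate class file
            }
        }
    }

    // Describes every synthetic static method declared directly on cls.
    static List<String> findAccessors(Class<?> cls) {
        List<String> found = new ArrayList<>();
        for (Method m : cls.getDeclaredMethods()) {
            int mods = m.getModifiers();
            if (m.isSynthetic() && Modifier.isStatic(mods)) {
                String vis = Modifier.isPublic(mods) ? "public"
                        : Modifier.isProtected(mods) ? "protected"
                        : Modifier.isPrivate(mods) ? "private"
                        : "package-private";
                found.add(vis + " " + m.getName() + " returns "
                        + m.getReturnType().getSimpleName());
            }
        }
        return found;
    }

    public static void main(String[] args) {
        List<String> accessors = findAccessors(Outer.class);
        if (accessors.isEmpty()) {
            // Expected when the class files use nest-based access (Java 11+ target).
            System.out.println("No synthetic accessors found on Outer");
        }
        for (String a : accessors) {
            System.out.println("Synthetic accessor on Outer: " + a);
        }
        System.out.println(new Outer().new Inner().readName());
    }
}
```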
