...
Code Block | ||
---|---|---|
| ||
package Safe; import java.beans.Beans; public class Trusted { Trusted() { } public static <T> T create(Class<T> c) { try { ClassLoader cl = new SafeClassLoader(); Object b = Beans.instantiate(cl, c.getName()); return c.cast(b.getClass()); } catch(Throwable t) { t.printStackTrace(); /* forward to handler */ } return null; } } // code outside the package package Attacker; import Safe.Trusted; public class Attack { public static void main(String[] args) { System.out.println(Trusted.create(Trusted.class)); // throws java.lang.IllegalAccessException } } |
...