...
| Code Block | ||
|---|---|---|
| ||
package Safe;
import java.beans.Beans;
class Trusted {
Trusted() { }
public static <T> T create(Class<T> c) {
try {
SafeClassLoaderClassLoader sclcl = new SafeClassLoader();
ClassLoader cl = scl.getClass().getClassLoader();
Object b = Beans.instantiate(cl, c.getName());
return c.cast(b.getClass());
} catch(Throwable t) { /* forward to handler */ }
return null;
}
}
// code outside the package
package Attacker;
import Safe.Trusted;
public class attack {
public static void main(String[] args) {
System.out.println(Trusted.create(Trusted.class)); // throws java.lang.IllegalAccessException
}
}
|
...