...
The permission java.lang.RuntimePermission applied to target createClassLoader grants code the permission to create a ClassLoader object. This is extremely dangerous because malicious code can create its own custom class loader and load classes by assigning them arbitrary permissions. A custom class loader can define a class (or ProtectionDomain) with permissions that override any restrictions specified in the systemwide security policy file.
| Wiki Markup |
|---|
_Permissions in the |
Java SE 6 Development Kit |
_ \[[Permissions 2008|AA. References#Permissions 08]\] states: |
This is an extremely dangerous permission to grant. Malicious applications that can instantiate their own class loaders could then load their own rogue classes into the system. These newly loaded classes could be placed into any protection domain by the class loader, thereby automatically granting the classes the permissions for that domain.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d03bfa4a20912ab9-5e5bcf4f-47674dfc-b9fc82f4-2a3e6166fd2390dea81a9404"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. References#API 06]] | [Class | http://java.sun.com/javase/6/docs/api/java/security/AllPermission.html], [ | http://java.sun.com/javase/6/docs/api/java/lang/reflect/ReflectPermission.html], [ | http://java.sun.com/javase/6/docs/api/java/lang/reflect/RuntimePermission.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="138eae9e28e3678f-29a04d4f-41aa4096-849db739-1a06e65b5ad56c00ebda77fa"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. References#Gong 03]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="73d470d890202931-54278056-4c7542af-b80b8951-819e4e2bf364fa570a66ab8d"><ac:plain-text-body><![CDATA[ | [[Long 2005 | AA. References#Long 05]] | Section 2.5, Reflection | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6de42ffb99229522-3912cc7b-445446ec-8e2c85d4-14647ed23d97d0313db46f50"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. References#Permissions 08]] | Section [ | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#ReflectPermission] | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a7a8d5e361486424-fd75b1fb-489a48e4-929796b7-80af709f46aa0b8cec39c7da"><ac:plain-text-body><![CDATA[ | [[Reflect 2006 | AA. References#Reflect 06]] | ]]></ac:plain-text-body></ac:structured-macro> | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a5b1e5859440ab55-4b5b419f-4bfc4d31-b221b375-4490bac9206036cb0e3db90f"><ac:plain-text-body><![CDATA[ | [[Security 2006 | AA. References#Security 06]] | [Security Architecture | http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html], Section [ | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#RuntimePermission] | ]]></ac:plain-text-body></ac:structured-macro> |
...