Generics in Java – interoperability with legacy code
I'm reading oracle http://docs.oracle.com/javase/tutorial/extra/generics/legacy.html This tutorial for
But I can't figure out what this line means
Can someone explain it more clearly for me? Add: what exactly is the "integrity" of the JVM? What exactly does "at risk" mean?
Solution
This means that the JVM will never be considered an object as a type it is not Spoofing the runtime to think that a piece of data has different types is a powerful attack vector, especially if you can spoof the runtime to allow you to assign a value that it thinks is long or int, but it is actually a pointer
The basic security model of the JVM depends on the type of object considered by the runtime
I read a fascinating paper detailing an attack on a machine running Java that involves using a heating lamp to significantly increase memory errors Then they used a program that strategically aligned billions of objects in memory and waited for a sporadic bit flip Doing so will trick the JVM into thinking that it is processing different types of objects and eventually allow the JVM to run arbitrary code (for complete reads, see using memory errors to attack a virtual machine)
The fact that they use bit flipping has nothing to do with generics However, this article details the ability to cheat different types of runtime thinking objects In summary, imagine that you have classes a and B:
class A {
public long data = 0;
}
class B {
}
If you can cheat the JVM in some way, you are allowed to do so:
A aButActuallyB = someMagicAssignment(new B());
Somemagicassignment is a method that can reference B and return the reference object as a in some way Then consider what actually happens when you execute:
aButActuallyB.data = 0x05124202;
You may be writing arbitrary data in the JVM raw memory! For example, the data can be the location of the method Changing it to point to the contents of a byte array allows you to run arbitrary code later
So when Oracle says
It means that even if you can do this:
public static <T> T someMagicAssignment(B b){
return (T) b; //unchecked cast warning
}
Then call it:
A a = MyClass.<A>someMagicAssignment(new B());
This will still be run - time checked when assigned to a
Therefore, writing this method somemagicassignment is not easier than before Generics do not increase the surface area of this attack vector in any way because the JVM ignores generics in its internal type system No JVM has ever allowed you to provide a method for list < string >, and then let the method perform string operations on the elements of the list without checking that the elements are actually strings at run time You are never allowed to regard B as a without manual inspection