[Pljava-dev] threads left running after function end
Kris Jurka
books at ejurka.com
Wed May 27 00:18:45 UTC 2009
On Fri, 10 Oct 2008, Thomas Hallgren wrote:
> Keep in mind that the JVM has at least one thread that does garbage
> collection. It might have other threads as well that performs other type
> of maintenance. Such thread will never access the database and it's
> probably a bad thing to keep them from doing their work.
That's OK because the calls to Thread only look at the current (and sub)
ThreadGroups. The JVM threads are elsewhere and are not found.
Unfortunately just ensuring that all threads end before function return is
not enough to plug the security hole. If a trusted function calls an
untrusted function, as soon as the untrusted function is invoked, the
SecurityManager is replaced and another thread of the trusted function can
do nefarious things. Instead of two SecurityManagers that get switched
back and forth, we need a single SecurityManager that can tell in what
context it's being used. Unfortunately I have no idea how to do that at
the moment.
Without a fix to this I don't see any alternative to dropping the trusted
version of pljava.
Kris Jurka
More information about the Pljava-dev
mailing list