Following a conversation on another question, an interesting issue is being raised.
Classes loaded with a security manager are protected with the corresponding security. This security could disable reflection (for example).
The question is: is it possible to break a security manager with sun.misc.unsafe? If yes, how?
EDIT
Changed SecuredClassLoader
to Security Manager in question.
No. The sun.misc.Unsafe
class requires an access check just like any other privileged action. You can block it with a custom class loader or security manager. Here's a simple example with an empty security manager that shows it'll throw an AccessControlException
:
System.setSecurityManager(new SecurityManager());
Unsafe unsafe = Unsafe.getUnsafe();