import-bot (20212) [Avatar] Offline
#1
[Originally posted 8/28/03 by Anonymous]

Ramnivas,

Last night I gave a presentation on AspectJ, and the one thing that concerned most of the attendees was the fact that you can alter third-party jar files.

As one person put it, what is to stop somebody from pulling an "Office Space" and putting in code that extracts $.01 into their account for every transaction. That person could write an aspect that weaves that code into the jar, and since that code would never be recompiled, there would be no way to remove that code, or to even detect it. And in the real world, many companies aren't very strict with their security. Now I realize that AspectJ isn't the only way to do this, but it seems that if it is brought into the organization that it could greatly increase the likelihood of something like this happening.

I think this is a huge concern that needs to be addressed before AspectJ is ready for prime time.

I would like to hear your take on this.

-George
import-bot (20212) [Avatar] Offline
#2
Re: Concern about altering third-party jars
[Originally posted 8/29/03 by Anonymous]

George,

This issue isn't limited to the use of AspectJ (as you point out). One can alter third-party jar files (or more specifically, behavior of classes in them) in multiple ways. For example, one can "override" a class in a jar file with an errant class by simply putting a jar file containing the errant class in front of the original jar file in CLASSPATH. One can also replace a class in jar file though a simple process. Further, many classes allow customization through use of environment variables that define classes to be loaded.

The real problem is ensuring the use of intended jar files. If a jar file is replaced with another jar file (containing malicious code), how that replacement jar file is created is non-consequential to the issue.

The solution ensures the use of the correct jar files in regular deployment scenario--verifying the identity of the creator and using only signed jars--works for aspect libraries as well.

<lighter-side>
A hacker with malicious intent is more likely to work at the bytecode level instead of AspectJ!
</lighter-side>

-Ramnivas