Reputation: 4857
Does Java unsafe allow process hollowing?
The sun Unsafe class has methods that manipulate memory address location, my question can these methods allow performing process hollowing which attaches/copies code to another process inside the JVM?
private static Unsafe unsafe;
static {
try {
Field field = Unsafe.class.getDeclaredField("theUnsafe");
field.setAccessible(true);
unsafe = (Unsafe) field.get(null);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static void processHollowing(Object obj) {
unsafe.setMemory(...);
unsafe.copyMemory(...);
}
Upvotes: 0
Views: 175
Answers (1)
Reputation: 41
In later versions of Java, Unsafe has been reinforced with several security upgrades that basically were put in place to prevent code like this. Most, if not all, of these changes can be overridden with some JVM compile-time arguments.
However, there are restrictions about what parts of the address space are accessible by processes within and outside of the JVM, that might vary between operating systems. So the actual answer likely lies in your OS's memory management unit, and I would guess that most would prohibit this kind of behavior.
Upvotes: 1
Related Questions
- Java 8 Unsafe: xxxFence() instructions
- Is sun.misc.Unsafe thread safe?
- Can Java write to / read from off heap memory that was freed?
- Buffer vs Unsafe - Outside JVM
- Java Sandboxing and ProcessBuilder
- Java ProcessBuilder security threat?
- Is there a concept of "pointers" or "unsafe code" in Java?
- Java Unsafe Memory Manipulation vs. Java vs. C
- Could this (unsafe) code crash the JVM?
- How unsafe is the use of sun.misc.Unsafe actually?