Path: csiph.com!1.us.feeder.erje.net!3.us.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!bofh.it!news.nic.it!robomod
From: Joseph Nahmias <joe@nahmias.net>
Newsgroups: linux.debian.bugs.dist,linux.debian.devel,linux.debian.maint.java
Subject: Bug#1037455: ITP: narcissus -- limited Java reflection library that bypasses security restrictions
Date: Tue, 13 Jun 2023 07:00:02 +0200
Message-ID: <GG4im-fy8I-3@gated-at.bofh.it>
X-Original-To: Debian Bug Tracking System <submit@bugs.debian.org>
X-Mailbox-Line: From debian-bugs-dist-request@lists.debian.org  Tue Jun 13 04:57:10 2023
Old-Return-Path: <debbugs@buxtehude.debian.org>
X-Spam-Flag: NO
X-Spam-Score: -3.16
Reply-To: Joseph Nahmias <joe@nahmias.net>, 1037455@bugs.debian.org
Resent-To: debian-bugs-dist@lists.debian.org
Resent-Cc: debian-devel@lists.debian.org, debian-java@lists.debian.org, tool.factory.heads@gmail.com, joe@nahmias.net, wnpp@debian.org
X-Debian-Pr-Message: report 1037455
X-Debian-Pr-Package: wnpp
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Mailer: reportbug 12.0.0
X-Debian-Message: from BTS
X-Mailing-List: <debian-bugs-dist@lists.debian.org> archive/latest/1774605
List-ID: <debian-bugs-dist.lists.debian.org>
List-URL: <https://lists.debian.org/debian-bugs-dist/>
Approved: robomod@news.nic.it
Lines: 25
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Tue, 13 Jun 2023 00:54:19 -0400
X-Original-Message-ID: <168663205915.3870341.152652530794163565.reportbug@pinky.nahmias.net>
Xref: csiph.com linux.debian.bugs.dist:1149424 linux.debian.devel:108192 linux.debian.maint.java:12645

Package: wnpp
Severity: wishlist
Owner: Joseph Nahmias <joe@nahmias.net>
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-java@lists.debian.org, tool.factory.heads@gmail.com, joe@nahmias.net

* Package name    : narcissus
  Version         : 1.0.7
  Upstream Contact: ToolFactory <tool.factory.heads@gmail.com>
* URL             : https://github.com/toolfactory/narcissus
* License         : MIT
  Programming Lang: Java
  Description     : limited Java reflection library that bypasses security restrictions

Narcissus is a JNI native code library that provides a small subset of the Java
reflection API, while bypassing all of Java's access/visibility checks,
security manager restrictions, and module strong encapsulation enforcement, by
calling methods and accessing fields through the JNI API. This allows code that
relies on reflective access to non-public classes, fields, and methods to keep
working even now that strong encapsulation is being enforced in JDK 16+.

Narcissus works on JDK 7+, however it is most useful for suppressing reflective
access warnings in JDK 9-15, and for circumventing strong encapsulation for JDK
16+, in order to keep legacy software running (for example, when legacy
software depends upon setAccessible to access a needed private field of a class
in some library).