RFR 8154447: Exempt classes under java.util.concurrent from MH.Lookup restrictions
Hi, Please review: http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pk... <http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pkgs/webrev/> https://bugs.openjdk.java.net/browse/JDK-8154447 <https://bugs.openjdk.java.net/browse/JDK-8154447> This is a quick fix to allow classes under java.util.concurrent to call MethodHandles.lookup(), and thus unblock the use of such classes using VarHandles. To verify and ensure we don’t regress i included a simple test. These fragile checks will be revisited later under another issue. Paul.
Looks good to me. I'd add a TODO comment. On Tue, Apr 26, 2016 at 3:01 PM, Paul Sandoz <paul.sandoz@oracle.com> wrote:
Hi,
Please review:
http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pk... <http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pkgs/webrev/> https://bugs.openjdk.java.net/browse/JDK-8154447 <https://bugs.openjdk.java.net/browse/JDK-8154447>
This is a quick fix to allow classes under java.util.concurrent to call MethodHandles.lookup(), and thus unblock the use of such classes using VarHandles.
To verify and ensure we don’t regress i included a simple test.
These fragile checks will be revisited later under another issue.
Paul.
On 26 Apr 2016, at 15:14, Martin Buchholz <martinrb@google.com> wrote:
Looks good to me. I'd add a TODO comment.
Thanks. I have changed the comment to: // For caller-sensitive MethodHandles.lookup() disallow lookup from // restricted packages. This a fragile and blunt approach. // TODO replace with a more formal and less fragile mechanism // that does not bluntly restrict packages within java.base from // looking up MethodHandles or VarHandles. Paul.
On Tue, Apr 26, 2016 at 3:01 PM, Paul Sandoz <paul.sandoz@oracle.com> wrote:
Hi,
Please review:
http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pk... <http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pkgs/webrev/> https://bugs.openjdk.java.net/browse/JDK-8154447 <https://bugs.openjdk.java.net/browse/JDK-8154447>
This is a quick fix to allow classes under java.util.concurrent to call MethodHandles.lookup(), and thus unblock the use of such classes using VarHandles.
To verify and ensure we don’t regress i included a simple test.
These fragile checks will be revisited later under another issue.
Paul.
On Apr 26, 2016, at 3:01 PM, Paul Sandoz <paul.sandoz@oracle.com> wrote:
Hi,
Please review:
http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pk... <http://cr.openjdk.java.net/~psandoz/jdk9/JDK-8154447-mh-lookup-restricted-pkgs/webrev/> https://bugs.openjdk.java.net/browse/JDK-8154447 <https://bugs.openjdk.java.net/browse/JDK-8154447>
This is a quick fix to allow classes under java.util.concurrent to call MethodHandles.lookup(), and thus unblock the use of such classes using VarHandles.
This quick fix looks okay to me. This big hammer check was intended to be an expedient way to address a past security concern and should be replaced. Mandy
participants (3)
-
Mandy Chung
-
Martin Buchholz
-
Paul Sandoz