RFR: JDK-8315897: some PrivilegedActions missing in JDK code for getting properties
Alan Bateman
alanb at openjdk.org
Fri Sep 8 09:02:39 UTC 2023
On Fri, 8 Sep 2023 08:26:16 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> There are some remaining places in 'general' JDK code (= code not related to e.g. a specific tool) getting properties like:
>
> osName = System.getProperty("os.name")
>
> https://github.com/openjdk/jdk/blob/master/src/java.management/share/classes/sun/management/VMManagementImpl.java#L225
>
> https://github.com/openjdk/jdk/blob/master/src/java.desktop/share/classes/sun/awt/FontConfiguration.java#L134
>
> Those should be a PrivilegedAction.
Many of the methods defined by RuntimeMXBean are specified to throw SecurityException if the SM denies reading the property. It looks like the changes to VMManagementImpl will break that.
It's not clear from the bug report if there is a bug here or not. I think the starting point needs to be a test that runs with a SM set and demonstrates an exported API throwing a security exception when it is not specified to do so.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15629#issuecomment-1711327123
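
An added example, not part of the original message, the PR or the JDK's own tests: a minimal check of the specified behaviour mentioned in the reply, that `RuntimeMXBean.getVmName()` throws `SecurityException` when the security manager denies the property read. The names `RuntimeMXBeanSecurityCheck` and `DenyPropertyReads` are hypothetical, and it assumes a JDK on which a security manager can still be installed (JDK 18 and later releases that support it need `-Djava.security.manager=allow`).

```java
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
import java.security.Permission;
import java.util.PropertyPermission;

// Hypothetical check class; run on a JDK that can still install a security
// manager (JDK 18+ needs -Djava.security.manager=allow on the command line).
public class RuntimeMXBeanSecurityCheck {

    // Constructed for this example: denies every system-property permission
    // check and permits everything else.
    static final class DenyPropertyReads extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof PropertyPermission) {
                // No string concatenation here, to avoid extra bootstrap work
                // while a permission check is in progress.
                throw new SecurityException(perm.getName());
            }
        }
    }

    // True if getVmName() raised SecurityException, as its specification says
    // it must when the security manager denies the property read.
    static boolean getVmNameThrows(RuntimeMXBean bean) {
        try {
            bean.getVmName();
            return false;
        } catch (SecurityException expected) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Obtain the bean before the security manager is active.
        RuntimeMXBean bean = ManagementFactory.getRuntimeMXBean();
        try {
            System.setSecurityManager(new DenyPropertyReads());
        } catch (UnsupportedOperationException e) {
            System.out.println("SKIPPED: security manager cannot be installed on this JDK");
            return;
        }
        boolean thrown = getVmNameThrows(bean);
        System.setSecurityManager(null); // the constructed manager permits this
        System.out.println(thrown
                ? "OK: getVmName() threw SecurityException as specified"
                : "CHANGED: getVmName() returned despite the denied property read");
    }
}
```

A `CHANGED` result is what wrapping the property read in a privileged action inside `VMManagementImpl` would be expected to produce, since the read would no longer be denied.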