Theoretical data race on java.util.logging.Handler.sealed
Peter Levart
peter.levart at gmail.com
Wed Dec 18 17:03:49 UTC 2013
On 12/17/2013 06:43 PM, Mandy Chung wrote:
> Can you check what methods are called by the constructors whose access
> are denied in the current implementation but granted in the patch? I
> have to take another look to make sure but I believe they only calls
> the methods in the handler classes that calls Handler.checkPermission.
>
> Mandy
Hi Mandy, Daniel,
Here's yet another variant that reduces the doPrivileged code to just
Handler's setters. This way no LogManager methods are invoked under
elevated privilege:
http://cr.openjdk.java.net/~plevart/jdk8-tl/jul.Handler.sealed/webrev.06/
I also factored-out common code into a single package-private
Handler.configure() method + two package-private getters that provide
this method with different defaults for different Handler subclasses.
configure() is in this variant called only in immediate Handler
subclasses: MemoryHandler & StreamHandler and not in SocketHandler or
ConsoleHandler. Each property is only set once this way at construction
time - current code sets each property twice in SocketHandler or
ConsoleHandler.
SocketHandler's output stream is set with privileged action in both
cases: whether constructed with configured or specified host/port.
Regards, Peter
More information about the core-libs-dev
mailing list