Prevent privilege escalation through AccessController.doPrivileged()

Florian Weimer fweimer at
Thu Jul 4 14:44:16 UTC 2013

Is there a way to prevent future calls to 
AccessController.doPrivileged() from the same thread from actually 
increasing privilege?

I'm specifically concerned about code whose calls would otherwise 
succeed because the containing class has the required permissions.

Reducing these privileges with a separate class loader seems to be the 
official way to achieve that.  Is there a way to get there without 
defining and installing your own (global) security manager.

It would be a nice feature if we could easily run code with reduced 

Florian Weimer / Red Hat Product Security Team

More information about the core-libs-dev mailing list