Prevent privilege escalation through AccessController.doPrivileged()
Florian Weimer
fweimer at redhat.com
Thu Jul 4 14:44:16 UTC 2013

Is there a way to prevent future calls to
AccessController.doPrivileged() from the same thread from actually
increasing privilege?

I'm specifically concerned about code whose calls would otherwise
succeed because the containing class has the required permissions.
Reducing these privileges with a separate class loader seems to be the
official way to achieve that. Is there a way to get there without
defining and installing your own (global) security manager?

It would be a nice feature if we could easily run code with reduced
privileges.

--
Florian Weimer / Red Hat Product Security Team