Request for review: 8016046 (process) Strict validation of input should be security manager case only [win]
Alexey Utkin
alexey.utkin at oracle.com
Fri Jun 7 09:02:57 UTC 2013
Hi,
Please review the fix.
Bug description:
http://bugs.sun.com/view_bug.do?bug_id=8016046
https://jbs.oracle.com/bugs/browse/JDK-8016046
The suggested fix:
http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-8016046/webrev.00/
Summary:
In absence of the Security Manager the verification procedure for
the command-line was restored as before the JDK-8012453 fix. That
suggests the ability of inline input/output redirection, piping,
simultaneous launching of several programs by single command, lost
spaces and etc.
The extended verification procedure is activated in presence of the
Security Manager or installing to "false" the
"jdk.lang.Process.allowAmbiguousCommands" Java property.
Regards,
-uta
More information about the core-libs-dev
mailing list