RFR: 8043306 - Provide a replacement for the API that allowed to listen for LogManager configuration changes
Peter Levart
peter.levart at gmail.com
Fri Sep 12 12:04:39 UTC 2014
On 09/12/2014 11:21 AM, Alan Bateman wrote:
> On 12/09/2014 08:14, Peter Levart wrote:
>> :
>>
>> Just a question about security and delayed execution...
>>
>> If at the time the configuration listener is added to the LogManager,
>> SecurityManager is not set, the listener will be invoked directly
>> even if at time the listener is invoked, SM has been set.
> True but we typically don't get concerned about this. That is all bets
> are off if you allow untrusted code to run before setting the security
> manager.
I buy that, yes...
Regards, Peter
> So normally the assumption is that you are either running with or
> without a security manager, ignoring the case when it might be set or
> unset mid-flight. Also for the common case (running without a security
> manager) then you avoid needing to stash away the access control
> context as that has a number of side effects (Stanimir has picked up
> on this). Clearly there is a timing issue with code that runs early in
> the startup before the system class loader has fully initialized and
> the security manager set but great care has to be taken in those code
> paths.
>
> -Alan
More information about the core-libs-dev
mailing list