RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
David Holmes
david.holmes at oracle.com
Sun Feb 8 01:10:04 UTC 2015
On 7/02/2015 4:55 AM, Mark Sheppard wrote:
> Hi
> please oblige and review the following changes
> http://cr.openjdk.java.net/~msheppar/8068682/webrev/
> http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/
>
> which address the issue in
> https://bugs.openjdk.java.net/browse/JDK-8068682
>
> this change means CORBA ORB is loaded by the extension class loader and
> no longer has has its former privilege of system code.
Just curious but under the pre-module extension mechanism installed
extensions had full system privileges by default[1]:
"By default, installed optional packages in this standard directory are
trusted. That is, they are granted the same privileges as if they were
core platform classes (those in rt.jar). This default privilege is
specified in the system policy file (in
<java-home>/jre/lib/security/java.policy), but can be overridden for a
particular optional package by adding the appropriate policy file entry
(see Permissions in the JDK)."
Does this mean that under the module system, things associated with the
Ext loader now need explicit policy entries in all cases?
Thanks,
David
[1]
https://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html
> as an interim measure corba is afforded all permissions privilege.
> this will be reduced in coming iterations.
>
> regards
> Mark
More information about the core-libs-dev
mailing list