Querstion about ForkJoinPool / SecurityManager interoperability

Patrick Reinhart patrick at reini.net
Fri Dec 14 22:50:29 UTC 2018


Hi Martin,

In my simplified test, I managed to reproduce the execution in the main
thread, when I did not wait for a start and directly called get()...

as in your test here:

  99         await(taskStarted);

-Patrick

Am 14.12.18 um 16:11 schrieb Martin Buchholz:
>
>
> On Thu, Dec 13, 2018 at 4:37 AM Patrick Reinhart <patrick at reini.net
> <mailto:patrick at reini.net>> wrote:
>
>     Even if the security manager is enabled before the initialize of the
>     ForkJoinPool not all work is delegated to
>     InnocuousForkJoinWorkerThread
>     instances (sometimes it picks the main thread instead, that has
>     not the
>     restrictions, what I think should not be the case and is a potential
>     security leak too)
>
>
> Looking again at testCommonPoolThreadContextClassLoader, we had once
> noticed that a common pool task might escape into a caller thread, but
> as usual, we then forgot about it.
>
>   97         // Ensure runInCommonPool is truly running in the common
> pool,
>   98         // by giving this thread no opportunity to "help" on get().
>
>  And this might indeed be a security problem that should be fixed.





More information about the core-libs-dev mailing list