Should System.exit be controlled by a Scope Local?

Alan Bateman Alan.Bateman at oracle.com
Mon Feb 28 14:05:16 UTC 2022


On 26/02/2022 22:14, Ethan McCue wrote:
> I have a feeling this has been considered and I might just be articulating
> the obvious - but:
>
> As called out in JEP 411, one of the remaining legitimate uses of the
> Security Manager is to intercept calls to System.exit. This seems like a
> decent use case for the Scope Local mechanism.
>
I think it was mostly convenience to use the SM to intercept calls to 
System.exit as it's not really security when all other permissions are 
granted.

There have been a few prototypes of APIs in this area but none made it to 
the level of a good proposal. Using a SL or even TL set/remove is 
interesting but you might want to survey some of the existing usages to 
see if they are really stack confined. At least some of the uses have 
been container applications with plugins that accidentally call 
System.exit when running code not intended to run that way. I don't 
think there is any guarantee that they run completely in the same thread 
but some may do.

-Alan
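
The stack-confinement question raised in the message above, as an added example that is not part of the original post or of any JDK prototype: a thread-local set/remove guard stops an exit request made on the guarded thread but not one made from a thread the plugin starts. `ExitGuardDemo`, `runGuarded` and `requestExit` are hypothetical names, and `requestExit` stands in for `System.exit` so the demo can run to completion.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration; every name here is hypothetical. requestExit() stands in
// for System.exit() so that both cases can be observed in one run.
public class ExitGuardDemo {
    // Thread-confined flag, set and removed around the plugin call (the "TL" idea).
    private static final ThreadLocal<Boolean> EXIT_DENIED =
            ThreadLocal.withInitial(() -> false);

    static final class ExitDeniedException extends RuntimeException {
        ExitDeniedException(int status) { super("exit(" + status + ") blocked"); }
    }

    // Stand-in for System.exit: throws if the calling thread is guarded,
    // otherwise returns true to signal that the exit would have gone ahead.
    static boolean requestExit(int status) {
        if (EXIT_DENIED.get()) throw new ExitDeniedException(status);
        return true;
    }

    // Runs plugin code with the guard active on the current thread only.
    static void runGuarded(Runnable plugin) {
        EXIT_DENIED.set(true);
        try { plugin.run(); }
        finally { EXIT_DENIED.remove(); }
    }

    public static void main(String[] args) {
        // Case 1: the plugin requests exit on the container's thread; the guard sees it.
        try {
            runGuarded(() -> requestExit(1));
        } catch (ExitDeniedException e) {
            System.out.println("same thread: " + e.getMessage());
        }

        // Case 2: the plugin hands the work to its own thread; the flag is not set there.
        AtomicBoolean escaped = new AtomicBoolean();
        runGuarded(() -> {
            Thread worker = new Thread(() -> escaped.set(requestExit(2)));
            worker.start();
            try { worker.join(); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        System.out.println("worker thread: exit would proceed = " + escaped.get());
    }
}
```

Switching the flag to `InheritableThreadLocal` would cover threads created while the guard is set, but not pooled threads that were created before it.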


More information about the core-libs-dev mailing list