RFR: 8275338: Add JFR events for notable serialization situations [v12]
Daniel Fuchs
dfuchs at openjdk.org
Wed Jan 10 16:23:27 UTC 2024
On Tue, 9 Jan 2024 10:46:27 GMT, Raffaello Giulietti <rgiulietti at openjdk.org> wrote:
>> src/java.base/share/classes/java/io/SerializationMisdeclarationChecker.java line 70:
>>
>>> 68: privilegedCheckAccessibleMethod(cl, WRITE_REPLACE_NAME,
>>> 69: WRITE_REPLACE_PARAM_TYPES, Object.class);
>>> 70: privilegedCheckAccessibleMethod(cl, READ_RESOLVE_NAME,
>>
>> Thinking ahead to when the security manager is removed, can the code that needs private access to field values (SUID) be more narrowly accessed? Perhaps switch to using a VarHandle and MethodHandles.Lookup. This may be a longer term issue and beyond the scope of this PR.
>>
>> In the naming of the `PrivilegedXXX` methods, I would drop the "privileged" part of the name.
>> The methods do not change the privilege level and operate correctly if when the caller has the privileges needed. And all of these methods are read-only so there is no/little risk in their implementations and avoid refitting the terminology later.
>
> They are called `privilegedXXX` because they _are_ (already) privileged, not because they change the privileges.
>
> But yes, in view of removing the security manager, the implementation could be more "modern". Will have a look.
> https://github.com/openjdk/jdk/pull/17129/commits/ff1b7068bd902f3030267afbc468e3244c944604
Thanks - that looks much cleaner.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17129#discussion_r1447617134
More information about the core-libs-dev
mailing list