[icedtea-web] RFC: check prompting user with full permissions
Omair Majid
omajid at redhat.com
Fri Dec 17 07:29:45 PST 2010
Hi,
The attached patch fixes a bug in IcedTea-Web and ensures that when netx
checks whether the user should be prompted, it is done with full
permissions.
This is necessary because JNLPSecurityManager can ask the user to grant
an untrusted application socket permissions. Without this fix, the
caller is not allowed to prompt the user and the security exception
thrown essentially denies this permission. There may be other code paths
for which this can happen too.
These particular configuration values do not seem very sensitive to
me. I don't see any issues if untrusted applications could read them.
Still, both the methods patched are private so they can only be called
from within the class. I don't see any problems with this doPrivileged
block.
Thoughts?
Cheers,
Omair
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check-prompting-with-full-permissions.patch
Type: text/x-patch
Size: 1819 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20101217/6addea01/check-prompting-with-full-permissions.patch