/hg/icedtea-web: add configuration support for user prompts and ...
Omair Majid
omajid at redhat.com
Wed Nov 24 08:26:44 PST 2010
On 11/23/2010 02:54 PM, Deepak Bhole wrote:
> * Omair Majid<omajid at redhat.com> [2010-11-23 14:50]:
>> On 11/18/2010 12:02 PM, omajid at icedtea.classpath.org wrote:
>>> changeset 88d31285a14b in /hg/icedtea-web
>>> details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=88d31285a14b
>>> author: Omair Majid<omajid at redhat.com>
>>> date: Thu Nov 18 11:55:26 2010 -0500
>>>
>>> add configuration support for user prompts and other access control
>>> options
>>>
>>
>> I found a problem with this changeset.
>>
>>> @@ -187,6 +188,11 @@ public class SecurityDesc {
>>> for (int i=0; i< sandboxPermissions.length; i++)
>>> permissions.add(sandboxPermissions[i]);
>>>
>>> + String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
>>> + if (Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key)) == Boolean.TRUE) {
>>> + permissions.add(new AWTPermission("showWindowWithoutWarningBanner"));
>>> + }
>>> +
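Review bot: the `JNLPRuntime.getConfiguration().getProperty(key)` lookup on the added lines sits inside the code that assembles the sandbox permission set, so it runs on behalf of callers that do not have full privileges. Any security check triggered while reading the configuration can lead back into this same permission-building code, which is the recursion reported in the reply that follows. Consider resolving the setting outside this path, for example once before permissions are computed, so that building the sandbox permissions does nothing that itself needs a permission decision. Separately, `Boolean.valueOf(...) == Boolean.TRUE` depends on reference identity; `Boolean.parseBoolean(...)` expresses the same test without it. Since this branch grants `showWindowWithoutWarningBanner` to sandboxed code, a short comment on what the key controls would also help.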
>>
>> This leads to infinite recursion if the caller does not have full
>> privileges. This calls DeploymentConfiguration, which calls
>> JNLPSecurityManager which calls JNLPClassLoader which in turn calls
>> SecurityDesc again. I don't know how this bug made it past my tests
>> :/ The fix is attached.
>>
>
> Looks good, ok for HEAD!
>
Thanks. Pushed.
Cheers,
Omair