[icedtea-web] RFC: PR687
Omair Majid
omajid at redhat.com
Wed Apr 20 10:18:49 PDT 2011
On 04/15/2011 12:41 PM, Omair Majid wrote:
> Hi,
>
> This is a (slightly updated) patch for PR687 [1].
>
> The patch modifies how we try to find the JNLPClassLoader (from which we
> find the ApplicationInstance). We first search the Context ClassLoader
> (and it's parents) and then we search the ClassLoader for the classes on
> the stack (and their parents).
>
> Any thoughts or comments?
>
> ChangeLog
> 2011-04-15 Omair Majid <omajid at redhat.com>
>
> * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
> (getApplication): Pass the current thread as a parameter.
> (getApplication): Add extra argument, Thread. Search the Thread's
> context classloader and its parent and then search the
> ClassLoaders, and the parents, of the classes on the stack.
> (getJnlpClassLoader): New method.
> (checkExit): Pass current thread as a parameter to getApplication.
>
>
> [1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=687
Any thoughts? Deepak, I would appreciate it if you could take a look at
it. We use getApplication() in a number of places and a wrong decision
made by getApplication() could have an impact on security.
Thanks,
Omair
More information about the distro-pkg-dev
mailing list