[icedtea-web] RFC: PR687
Deepak Bhole
dbhole at redhat.com
Wed Apr 20 11:24:38 PDT 2011
* Omair Majid <omajid at redhat.com> [2011-04-15 12:42]:
> Hi,
>
> This is a (slightly updated) patch for PR687 [1].
>
> The patch modifies how we try to find the JNLPClassLoader (from
> which we find the ApplicationInstance). We first search the Context
> ClassLoader (and it's parents) and then we search the ClassLoader
> for the classes on the stack (and their parents).
>
Patch looks okay to me. From a security perspective, the contextloader
should be unique for jnlps and for applets it will only be same based on
the cl sharing rules which is fine (within limits of the current design).
Btw, what is the motivation for this? Was there a case where an
incorrect loader was being returned off the stack?
Cheers,
Deepak
More information about the distro-pkg-dev
mailing list