[icedtea-web] RFC: PR687
Omair Majid
omajid at redhat.com
Wed Apr 20 11:35:58 PDT 2011
On 04/20/2011 02:24 PM, Deepak Bhole wrote:
> * Omair Majid<omajid at redhat.com> [2011-04-15 12:42]:
>> Hi,
>>
>> This is a (slightly updated) patch for PR687 [1].
>>
>> The patch modifies how we try to find the JNLPClassLoader (from
>> which we find the ApplicationInstance). We first search the Context
>> ClassLoader (and it's parents) and then we search the ClassLoader
>> for the classes on the stack (and their parents).
>>
>
> Patch looks okay to me. From a security perspective, the contextloader
> should be unique for jnlps and for applets it will only be same based on
> the cl sharing rules which is fine (within limits of the current design).
>
> Btw, what is the motivation for this? Was there a case where an
> incorrect loader was being returned off the stack?
>
In general, the implementation was incomplete - it did not take account
of applications which used their own ClassLoader to load classes. Please
see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=687 for more
details and a reproducer.
Cheers,
Omair
More information about the distro-pkg-dev
mailing list