[icedtea-web] RFC: PR687

Deepak Bhole dbhole at redhat.com
Wed Apr 20 11:47:40 PDT 2011


* Omair Majid <omajid at redhat.com> [2011-04-20 14:35]:
> On 04/20/2011 02:24 PM, Deepak Bhole wrote:
> >* Omair Majid<omajid at redhat.com>  [2011-04-15 12:42]:
> >>Hi,
> >>
> >>This is a (slightly updated) patch for PR687 [1].
> >>
> >>The patch modifies how we try to find the JNLPClassLoader (from
> >>which we find the ApplicationInstance). We first search the Context
> >>ClassLoader (and its parents) and then we search the ClassLoader
> >>for the classes on the stack (and their parents).
> >>
> >
> >Patch looks okay to me. From a security perspective, the contextloader
> >should be unique for jnlps and for applets it will only be same based on
> >the cl sharing rules which is fine (within limits of the current design).
> >
> >Btw, what is the motivation for this? Was there a case where an
> >incorrect loader was being returned off the stack?
> >
> 
> In general, the implementation was incomplete - it did not take
> account of applications which used their own ClassLoader to load
> classes. Please see
> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=687 for more
> details and a reproducer.
> 

Ah ok. Yeah that's what I figured too (an app creating its own loader and
spawning a new thread causing the stack being filled with those
classes). I did check out 687, couldn't find the source though, just
.class files.

Anyway, OK for head.

Cheers,
Deepak
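
The lookup order discussed in this thread, as an added example that is not part of the original messages and is not IcedTea-Web's code. `AppLoader` is a hypothetical stand-in for JNLPClassLoader, `findInChain`, `findAppLoader` and `runIn` are illustrative names, and the use of `StackWalker` (Java 9+) to read the classes on the stack is an assumption.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Objects;

public class LoaderLookupDemo {
    // Hypothetical stand-in for JNLPClassLoader (not the IcedTea-Web class).
    static class AppLoader extends URLClassLoader {
        final String app;
        AppLoader(String app, ClassLoader parent) { super(new URL[0], parent); this.app = app; }
    }

    // Walk a loader and its parents until an AppLoader is found.
    static AppLoader findInChain(ClassLoader cl) {
        for (; cl != null; cl = cl.getParent())
            if (cl instanceof AppLoader) return (AppLoader) cl;
        return null;
    }

    static AppLoader findAppLoader() {
        // Step 1: the thread's context class loader and its parents.
        AppLoader found = findInChain(Thread.currentThread().getContextClassLoader());
        if (found != null) return found;
        // Step 2: the loaders (and parents) of the classes on the call stack.
        return StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
            .walk(frames -> frames
                .map(f -> findInChain(f.getDeclaringClass().getClassLoader()))
                .filter(Objects::nonNull).findFirst().orElse(null));
    }

    // Run the lookup on a new thread whose context class loader is 'context'.
    static void runIn(ClassLoader context, String label) throws InterruptedException {
        Thread t = new Thread(() -> {
            AppLoader l = findAppLoader();
            System.out.println(label + ": " + (l == null ? "no application loader" : l.app));
        });
        t.setContextClassLoader(context);
        t.start();
        t.join();
    }

    public static void main(String[] args) throws InterruptedException {
        ClassLoader system = LoaderLookupDemo.class.getClassLoader();
        AppLoader app = new AppLoader("demo-app", system);
        // The application creates its own loader, a child of the application loader.
        ClassLoader custom = new URLClassLoader(new URL[0], app);
        runIn(custom, "custom context loader"); // resolved through the context loader's parents
        runIn(system, "system context loader"); // falls through to the stack search
    }
}
```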


