[icedtea-web] RFC: PR687
Omair Majid
omajid at redhat.com
Wed Apr 20 12:35:15 PDT 2011
On 04/20/2011 02:47 PM, Deepak Bhole wrote:
> * Omair Majid<omajid at redhat.com> [2011-04-20 14:35]:
>> On 04/20/2011 02:24 PM, Deepak Bhole wrote:
>>> * Omair Majid<omajid at redhat.com> [2011-04-15 12:42]:
>>>> Hi,
>>>>
>>>> This is a (slightly updated) patch for PR687 [1].
>>>>
>>>> The patch modifies how we try to find the JNLPClassLoader (from
>>>> which we find the ApplicationInstance). We first search the Context
>>>> ClassLoader (and it's parents) and then we search the ClassLoader
>>>> for the classes on the stack (and their parents).
>>>>
>>>
>>> Patch looks okay to me. From a security perspective, the contextloader
>>> should be unique for jnlps and for applets it will only be same based on
>>> the cl sharing rules which is fine (within limits of the current design).
>>>
>>> Btw, what is the motivation for this? Was there a case where an
>>> incorrect loader was being returned off the stack?
>>>
>>
>> In general, the implementation was incomplete - it did not take
>> account of applications which used their own ClassLoader to load
>> classes. Please see
>> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=687 for more
>> details and a reproducer.
>>
>
> Ah ok. Yeah thats what I figured too (an app creating its own loader and
> spawning a new thread causing the stack being filled with those
> classes). I did check out 687, couldn't find the source though, just
> .class files.
>
> Anyway, OK for head.
>
Thanks for the review. I have pushed the change to HEAD.
Cheers,
Omair
More information about the distro-pkg-dev
mailing list