/hg/release/icedtea-web-1.0: Restrict access to net.sourceforge....
dbhole at icedtea.classpath.org
dbhole at icedtea.classpath.org
Thu Feb 10 08:23:47 PST 2011
changeset cc8c67ed615e in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=cc8c67ed615e
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Feb 10 11:19:53 2011 -0500
Restrict access to net.sourceforge.jnlp.* classes by untrusted
classes.
diffstat:
2 files changed, 10 insertions(+)
ChangeLog | 6 ++++++
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 4 ++++
diffs (27 lines):
diff -r 74f0a9c6e509 -r cc8c67ed615e ChangeLog
--- a/ChangeLog Thu Feb 10 11:22:59 2011 -0500
+++ b/ChangeLog Thu Feb 10 11:19:53 2011 -0500
@@ -1,3 +1,9 @@ 2011-02-10 Deepak Bhole <dbhole at redhat.
+2011-02-10 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
+ Restrict access to net.sourceforge.jnlp.* classes by untrusted
+ classes.
+
2011-02-10 Deepak Bhole <dbhole at redhat.com>
* NEWS: Add 1.0.1
diff -r 74f0a9c6e509 -r cc8c67ed615e netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Feb 10 11:22:59 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Feb 10 11:19:53 2011 -0500
@@ -218,6 +218,10 @@ public class JNLPRuntime {
// plug in a custom authenticator and proxy selector
Authenticator.setDefault(new JNLPAuthenticator());
ProxySelector.setDefault(new JNLPProxySelector());
+
+ // Restrict access to netx classes
+ Security.setProperty("package.access",
+ Security.getProperty("package.access")+",net.sourceforge.jnlp");
initialized = true;
More information about the distro-pkg-dev
mailing list