/hg/icedtea-web: Restrict access to net.sourceforge.jnlp.* class...
dbhole at icedtea.classpath.org
dbhole at icedtea.classpath.org
Thu Feb 10 08:27:33 PST 2011
changeset c4054514c102 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=c4054514c102
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Feb 10 11:19:53 2011 -0500
Restrict access to net.sourceforge.jnlp.* classes by untrusted
classes.
diffstat:
2 files changed, 10 insertions(+)
ChangeLog | 6 ++++++
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 4 ++++
diffs (27 lines):
diff -r a6b173d91ad1 -r c4054514c102 ChangeLog
--- a/ChangeLog Wed Feb 09 10:02:46 2011 -0500
+++ b/ChangeLog Thu Feb 10 11:19:53 2011 -0500
@@ -1,3 +1,9 @@ 2011-02-09 Omair Majid <omajid at redhat.
+2011-02-10 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
+ Restrict access to net.sourceforge.jnlp.* classes by untrusted
+ classes.
+
2011-02-09 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java
diff -r a6b173d91ad1 -r c4054514c102 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed Feb 09 10:02:46 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Feb 10 11:19:53 2011 -0500
@@ -222,6 +222,10 @@ public class JNLPRuntime {
// plug in a custom authenticator and proxy selector
Authenticator.setDefault(new JNLPAuthenticator());
ProxySelector.setDefault(new BrowserAwareProxySelector());
+
+ // Restrict access to netx classes
+ Security.setProperty("package.access",
+ Security.getProperty("package.access")+",net.sourceforge.jnlp");
initialized = true;
More information about the distro-pkg-dev
mailing list