/hg/icedtea-web: Added java.vm.name read permission to fix Rhino...
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Mon Jul 22 07:13:47 PDT 2013
changeset 6904f82aa501 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=6904f82aa501
author: Andrew Azores <aazores at redhat.com>
date: Mon Jul 22 10:13:30 2013 -0400
Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
diffstat:
ChangeLog | 5 +++++
netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java | 7 +++++++
2 files changed, 12 insertions(+), 0 deletions(-)
diffs (39 lines):
diff -r 7c75bf721d7c -r 6904f82aa501 ChangeLog
--- a/ChangeLog Thu Jul 18 08:53:46 2013 +0200
+++ b/ChangeLog Mon Jul 22 10:13:30 2013 -0400
@@ -1,3 +1,8 @@
+2013-07-22 Andrew Azores <aazores at redhat.com>
+ * netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java:
+ (getProxiesWithoutCaching) added java.vm.name read permission to fix
+ Rhino parsing and PAC proxy configuration
+
2013-07-18 Jiri Vanek <jvanek at redhat.com>
IcedTea-Web is now following XDG .config and .cache specification(RH947647)
diff -r 7c75bf721d7c -r 6904f82aa501 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Thu Jul 18 08:53:46 2013 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Mon Jul 22 10:13:30 2013 -0400
@@ -48,6 +48,7 @@
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
import net.sourceforge.jnlp.util.TimedHashMap;
@@ -124,9 +125,15 @@
EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
pacHelperFunctionContents, url);
+
+ // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
+ // isn't supposed to do very much and so doesn't require all the default permissions given by
+ // java.policy
Permissions p = new Permissions();
p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
p.add(new SocketPermission("*", "resolve"));
+ p.add(new PropertyPermission("java.vm.name", "read"));
+
ProtectionDomain pd = new ProtectionDomain(null, p);
AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
More information about the distro-pkg-dev
mailing list