/hg/icedtea-web: Added java.vm.name read permission to fix Rhino...
Jiri Vanek
jvanek at redhat.com
Tue Jul 30 05:38:43 PDT 2013
IIRC - do not forget 1.4!
On 07/22/2013 04:13 PM, aazores at icedtea.classpath.org wrote:
> changeset 6904f82aa501 in /hg/icedtea-web
> details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=6904f82aa501
> author: Andrew Azores <aazores at redhat.com>
> date: Mon Jul 22 10:13:30 2013 -0400
>
> Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
>
>
> diffstat:
>
> ChangeLog | 5 +++++
> netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java | 7 +++++++
> 2 files changed, 12 insertions(+), 0 deletions(-)
>
> diffs (39 lines):
>
> diff -r 7c75bf721d7c -r 6904f82aa501 ChangeLog
> --- a/ChangeLog Thu Jul 18 08:53:46 2013 +0200
> +++ b/ChangeLog Mon Jul 22 10:13:30 2013 -0400
> @@ -1,3 +1,8 @@
> +2013-07-22 Andrew Azores <aazores at redhat.com>
> + * netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java:
> + (getProxiesWithoutCaching) added java.vm.name read permission to fix
> + Rhino parsing and PAC proxy configuration
> +
> 2013-07-18 Jiri Vanek <jvanek at redhat.com>
>
> IcedTea-Web is now following XDG .config and .cache specification(RH947647)
> diff -r 7c75bf721d7c -r 6904f82aa501 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
> --- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Thu Jul 18 08:53:46 2013 +0200
> +++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Mon Jul 22 10:13:30 2013 -0400
> @@ -48,6 +48,7 @@
> import java.security.Permissions;
> import java.security.PrivilegedAction;
> import java.security.ProtectionDomain;
> +import java.util.PropertyPermission;
>
> import net.sourceforge.jnlp.util.TimedHashMap;
>
> @@ -124,9 +125,15 @@
>
> EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
> pacHelperFunctionContents, url);
> +
> + // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
> + // isn't supposed to do very much and so doesn't require all the default permissions given by
> + // java.policy
> Permissions p = new Permissions();
> p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
> p.add(new SocketPermission("*", "resolve"));
> + p.add(new PropertyPermission("java.vm.name", "read"));
> +
> ProtectionDomain pd = new ProtectionDomain(null, p);
> AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
>
>
More information about the distro-pkg-dev
mailing list