/hg/icedtea-web: Added java.vm.name read permission to fix Rhino...

Jiri Vanek jvanek at redhat.com
Tue Jul 30 05:38:43 PDT 2013 

IIRC - do not forget 1.4!

On 07/22/2013 04:13 PM, aazores at icedtea.classpath.org wrote:
> changeset 6904f82aa501 in /hg/icedtea-web
> details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=6904f82aa501
> author: Andrew Azores <aazores at redhat.com>
> date: Mon Jul 22 10:13:30 2013 -0400
>
> 	Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
>
>
> diffstat:
>
>   ChangeLog                                                     |  5 +++++
>   netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java |  7 +++++++
>   2 files changed, 12 insertions(+), 0 deletions(-)
>
> diffs (39 lines):
>
> diff -r 7c75bf721d7c -r 6904f82aa501 ChangeLog
> --- a/ChangeLog	Thu Jul 18 08:53:46 2013 +0200
> +++ b/ChangeLog	Mon Jul 22 10:13:30 2013 -0400
> @@ -1,3 +1,8 @@
> +2013-07-22  Andrew Azores <aazores at redhat.com>
> +	* netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java:
> +	(getProxiesWithoutCaching) added java.vm.name read permission to fix
> +	Rhino parsing and PAC proxy configuration
> +
>   2013-07-18  Jiri Vanek  <jvanek at redhat.com>
>
>   	IcedTea-Web is now following XDG .config and .cache specification(RH947647)
> diff -r 7c75bf721d7c -r 6904f82aa501 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
> --- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Thu Jul 18 08:53:46 2013 +0200
> +++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Mon Jul 22 10:13:30 2013 -0400
> @@ -48,6 +48,7 @@
>   import java.security.Permissions;
>   import java.security.PrivilegedAction;
>   import java.security.ProtectionDomain;
> +import java.util.PropertyPermission;
>
>   import net.sourceforge.jnlp.util.TimedHashMap;
>
> @@ -124,9 +125,15 @@
>
>           EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
>                   pacHelperFunctionContents, url);
> +
> +        // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
> +        // isn't supposed to do very much and so doesn't require all the default permissions given by
> +        // java.policy
>           Permissions p = new Permissions();
>           p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
>           p.add(new SocketPermission("*", "resolve"));
> +        p.add(new PropertyPermission("java.vm.name", "read"));
> +
>           ProtectionDomain pd = new ProtectionDomain(null, p);
>           AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
>
>

More information about the distro-pkg-dev mailing list