[rfc][icedtea-web][icedtea-web-1.5.2] allow also skip of permissions attribute check in case of disabled attributes check
Jie Kang
jkang at redhat.com
Tue Nov 25 14:24:55 UTC 2014
----- Original Message -----
>
> >
> > Hello,
> >
> >
> > Ah I see now. So basically, now it does not check permissions when
> > deployment.manifest.attributes.check=false. Before it would always check
> > it. Interesting...
> >
> > Seems okay, but I feel like aazores did this for a reason...
> >
> >
>
> Originally it was excluded :
> http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027165.html
>
> But later moved out during signed appelts support for sandbox attribute...
>
> I hope that the reason is only one - that sanbox in attribute is forcing
> sandbox no metter of
> outside signatures. Well by disbaling attributes check this is disabled and
> you can get hurt.
>
> If this is the only issue, then I'm ok with that.
>
> but:
>
> http://icedtea.classpath.org/hg/icedtea-web/rev/d1584d50c1e9 says:
>
> (checkAll): Extended Applet Security on Low disables all manifest checks
> except for Permissions
> Looking into
> http://icedtea.classpath.org/hg/icedtea-web/rev/d1584d50c1e9#l4.1
> the changelog statement seems wrong to me...
> so...Where is truth now?
Hello,
The patch is fine with me.
Regards,
>
>
> J.
>
--
Jie Kang
More information about the distro-pkg-dev
mailing list