Minor thoughts (Re: [External] : Re: JEP draft: Prepare to Restrict The Use of JNI)
Michał Kłeczek
michal at kleczek.org
Sat Sep 2 13:51:12 UTC 2023
> On 2 Sep 2023, at 15:09, Ron Pressler <ron.pressler at oracle.com> wrote:
>
>
>
>> On 2 Sep 2023, at 13:23, Michał Kłeczek <michal at kleczek.org> wrote:
>>
>> The direction more and more looks to me like good old policy files albeit with informal ad-hoc syntax :) (and ad-hoc enforcement mechanism).
>
> I don’t think it’s that ad-hoc, but it’s the standard way to configure Java programs since forever (*all* Java programs since the JRE was removed).
It is ad-hoc compared to policy files - AFAIK the syntax of these files is not formally specified.
Anyway - we are digressing.
>
>>
>> Granted - at this moment we are only talking about guarding platform integrity (however defined) but the issues faced right now are probably very similar to issues that would be faced when moving from opt-in to opt-out SecurityManager.
>
> If you carefully study the design of SecurityManager and strong encapsulation you will see that it’s the difference between practically intractable (for modern, dependency-heavy, server side applications) and quite straightforward. It’s no wonder it’s taken years to come up with the design, the (hopefully right) granularity, and the separation of what is best done at which software layer.
1. I was talking about social issues - it seems to me they would be the same if you tried to enforce SecurityManager.
2. I am not convinced that it really works as well as advertised by the OpenJDK team. For example: you ignored my question about dynamically loaded modules - how are they handled by these command line flags?
—
Michal