JEP proposed to target JDK 24: 486: Permanently Disable the Security Manager
Alex Buckley
alex.buckley at oracle.com
Tue Nov 5 18:36:20 UTC 2024
On 11/5/2024 9:07 AM, Loïc MATHIEU wrote:
> I already sent this feedback to this mailing list without an answer, so
> I'm not sure if my first message was successfully delivered.
> In doubt I'll resend it.
>
> On top of my mind, but I know that if a replacement would be created, it
> would not be that one; something close to what we have with
> structured concurrency would be great:
> try
> (SecurityScope.allowNewThread(false).allowNewProcesses(false).canExitVM(false).allowFileAccess(fileName -> file.startWith(workingDir)) {
> // run the plugin code
> plugin.run();
> }
You're saying that calls to some methods in the Java Platform API (e.g.,
System.exit) should be disallowed if they come from a plugin. We view
this as "intercepting" calls to the Java Platform API. We recently
updated JEP 486 to more clearly address this matter:
https://openjdk.org/jeps/486#Intercepting-calls-to-the-Java-Platform-API
Alex
More information about the jdk-dev
mailing list