Code Review Request: running signed modules with SecurityManager
Sean Mullan
sean.mullan at oracle.com
Fri May 28 08:13:27 PDT 2010
On 5/27/10 8:13 PM, Rémi Forax wrote:
>>> In SimpleLibrary.readLocalCodeSigners,
>>> if the file is removed between f.exists() and
>>> new FileInputstream, instead of returning null, you throw an
>>> IOException,
>>
>> Hmm, but there is no way for that to happen unless the library data is
>> being modified maliciously or accidentally.
>
> My question was more, is it the intended behavior ?
Ok. TBD. I think this needs to be addressed as a more general issue of the
Library implementation and what assumptions can or cannot be made about the data
(integrity, concurrent access, etc). I'll add a comment for now that this needs
to be looked at.
Thanks,
Sean
More information about the jigsaw-dev
mailing list