Multi release jars on boot classpath
Andrew Dinn
adinn at redhat.com
Fri Jun 3 10:13:49 UTC 2016
On 02/06/16 14:25, Alan Bateman wrote:
> There has been ongoing effort to improve the security of the platform
> for a long time. The ongoing effort that we have been calling
> "de-privileging" involves moving non-core components out of the boot
> loader and granting these components reduced permissions where possible.
> This effort is not core to what we are doing here but having the JDK
> structured as modules, and making it easy to map modules to class
> loaders, has allowed this effort to make progress. I think most of the
> discussions on specific modules has been on the core-libs-dev or
> security-dev lists. There is a table in JEP 261 of the modules that have
> moved and this needs to updated because we have moved several other
> standard and JDK modules in recent months.
Of course, no one is against security just as no one is against apple
pie. Unfortunately, "de-privileging" is one of those vanilla words like
"modernisation" that can hide more than it reveals.
> So my point is that the set of types visible via the boot loader has
> been reducing steadily. This is a good thing for security but it comes
> with compatibility concerns. This is very much a change for a major
> release of course. One concern is custom class loaders that delegate
> directly to the boot loader. Eclipse is one example - there was a brief
> discussion about that on jdk9-dev some time ago. The other issue is
> agents that have supporting classes on the boot class path. This code
> won't be able to statically reference types in modules that have moved
> to the platform class loader (platform class loader = what used to be
> known as the "extension class loader"). Related is where an agent
> instruments code in modules defined to the boot loader in a way that
> would result in references to types in the platform class loader (the
> boot loader does not delegate). I think we will need feedback and help
> to assess the impact. It may be that agents working at this level aren't
> depending on types in non-core modules. However, I think this thread is
> a reminder that there will need to improvement documentation on this
> implementation issue. So far, the document is make/common/Modules.gmk as
> that is where the mapping lives.
The visibility of said types may well appear to Jigsaw devs to have been
reducing steadily in what is (or, if you take into account the EA
program, /was/ until very recently) unreleased and untried code.
However, this is still going to amount to a step change in the operation
of the JDK runtime for anyone moving from JDK8 to JDK9. hat step change
may not affect many applications directly but it certainly looks like it
is going to affect the continuity of operation of the tools and
middleware that a lot of those applications rely on. That's not simply
an implementation and/or documentation issue; it goes to the heart of
what functionality developers can rely on from their tools and middleware.
I don't think these issues have really begun to be addressed yet. I hate
to say this at such a late stage in the game (no one /wants/ to be a
Cassandra) but I think it is critical that the consequences of this
"de-privileging" are investigated and discussed properly before JDK9 is
released. That's not just wrt an obvious special case like agent code,
it definitely also includes the requirements of middleware code.
There is a big list of issues on the Jigsaw issues list still to be
talked through yet the current JDK9 implementation is moving
relentlessly towards a looming release deadline. How do the current
release timescales marry with the need for investigation and discussion?
How and when are the results of any such discussion going to be taken
into account and applied to the JDK? Is the plan to release what we have
now and then try to back-patch fixes? That sounds to me like it would be
a very bad move for JDK9 and, indeed, Java as a whole. What's the
alternative plan?
regards,
Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander
More information about the jigsaw-dev
mailing list