RFR: 8177845: Need a mechanism to load Graal
Doug Simon
doug.simon at oracle.com
Thu Apr 20 07:49:10 UTC 2017
> On 20 Apr 2017, at 00:31, Vladimir Kozlov <vladimir.kozlov at oracle.com> wrote:
>
> Doug,
>
> Can you point (link) particular code which needs to be reviewed? And what security issues could be?
I believe Chris had possible concerns with Services.initializeJVMCI() (at http://cr.openjdk.java.net/~dnsimon/8177845/hotspot/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.services/src/jdk/vm/ci/services/Services.java.udiff.html). As previously stated, I can't see any security issues with this method which is why it doesn't check JVMCIPermission.
-Doug
>
> Thanks,
> Vladimir
>
> On 4/19/17 2:12 PM, Doug Simon wrote:
>>> 3. Services.initializeJVMCI()
>
>>>> 3 is harmless from a security perspective in my opinion.
>>> Would be good if one of Oracle’s security engineers could take a quick look just to be sure.
>> Vladimir, can you please bring this to the attention of the relevant engineer.
>>
More information about the jigsaw-dev
mailing list