JEP draft: Disallow the Dynamic Loading of Agents by Default
Michał Kłeczek
michal at kleczek.org
Mon May 1 17:08:04 UTC 2023
> On 1 May 2023, at 11:57, Ron Pressler <ron.pressler at oracle.com> wrote:
>
[...]
>
> There’s no need for such code. Modules that need JNI will use JNI. The application will simply give them permission to do so with --enable-native-access=MODULE-NAME, as it would also do to allow FFM to use native libraries.
I wonder if you are planning to define a formal grammar for all these command line options defining “integrity policies” as it surely looks to me like…
grant MODULE-NAME {
AllPermission
}
grant MODULE-NAME {
OpenModulePermission(“module-to-open-name”)
}
Wouldn’t it be better to reconsider JEP 411 and just make running under security manager the default?
—
Michal
More information about the jigsaw-dev
mailing list