RFR 8154192: Deprivilege java.scripting module
Alan Bateman
Alan.Bateman at oracle.com
Tue May 17 12:24:31 UTC 2016
On 17/05/2016 13:04, Sundararajan Athijegannathan wrote:
> Please review fix for https://bugs.openjdk.java.net/browse/JDK-8154192
>
> java.scripting module is assigned to platform class loader (instead of
> boot loader). And java.scripting module is given AllPermission
> [previously it had AllPermission implicitly because of being boot loader
> code]
>
> jdk repo:
>
> http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.00/
>
> top level repo:
>
> http://cr.openjdk.java.net/~sundar/8154192/top/webrev.00/
>
>
Would it be possible to keep the PLATFORM_MODULES sorted? Otherwise it
looks okay as a first patch. I think we also need to understand why this
module needs AllPermission. From a quick look then it creates the SL
with all permissions but the iteration will be restricted by whatever is
on the stack so I just wonder if it works as intended.
-Alan
More information about the nashorn-dev
mailing list