RFR 8154192: Deprivilege java.scripting module
Sundararajan Athijegannathan
sundararajan.athijegannathan at oracle.com
Wed May 18 08:53:58 UTC 2016
Thanks. I'll make that change and push it.
-Sundar
On 5/18/2016 2:17 PM, Alan Bateman wrote:
> On 18/05/2016 08:55, Sundararajan Athijegannathan wrote:
>> Please review the updated webrevs.
>>
>> * Fixed Modules.gmk for order of modules:
>>
>> http://cr.openjdk.java.net/~sundar/8154192/top/webrev.01/
>>
>> * From quick reading of j.u.ServiceLoader: AccessControlContext is
>> captured in ServiceLoader constructor & used for iteration
>> (RestrictedIterator). So, ScriptEngineManager calling only ServiceLoader
>> constructor inside doPrivileged block seems fine. Also, I turned
>> ProviderTest javax.script API test to use security manager - this tests
>> loads a dummy script engine from a jar file in classpath. This test
>> passes with security manager on.
>>
>> http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.01/
>>
>> Yes, we can still revisit AllPermission for java.scripting module in a
>> future change.
>>
> One suggestion is to run ProviderTest twice, both with and without SM.
> The rest looks okay.
>
> -Alan.
More information about the nashorn-dev
mailing list