[ipv6] RFR: 8224256: test/jdk/java/security/SecureClassLoader/DefineClass.java hardcodes 127.0.0.1
Arthur Eubanks
aeubanks at google.com
Thu May 23 02:36:26 UTC 2019
Looks like this test is now failing, I'll take a look tomorrow, sorry about
this.
On Wed, May 22, 2019, 12:48 PM Sean Mullan <sean.mullan at oracle.com> wrote:
> On 5/22/19 3:33 PM, Arthur Eubanks wrote:
> >
> >
> > On Wed, May 22, 2019 at 12:12 PM Sean Mullan <sean.mullan at oracle.com
> > <mailto:sean.mullan at oracle.com>> wrote:
> >
> > On 5/22/19 1:28 PM, Arthur Eubanks wrote:
> > > On Wed, May 22, 2019 at 7:13 AM Daniel Fuchs
> > <daniel.fuchs at oracle.com <mailto:daniel.fuchs at oracle.com>
> > > <mailto:daniel.fuchs at oracle.com
> > <mailto:daniel.fuchs at oracle.com>>> wrote:
> > >
> > > Hi Arthur,
> > >
> > > 18 // For IPSupport
> > > 19 grant {
> > > 20 permission java.net.SocketPermission "localhost:0",
> > > "listen,resolve";
> > > 21 permission java.util.PropertyPermission
> > > "java.net.preferIPv4Stack", "read";
> > > 22 };
> > >
> > > It might be better if these permissions were granted to the
> > > library only.
> > >
> > > Done.
> >
> > Have you tested that with jtreg? I believe it may not work because of
> > the way the SecurityManager is enabled inside the test (rather than
> > using the jtreg java.security.policy option). You may find that you
> > also
> > need to grant those permissions to jtreg.jar since it is higher in
> the
> > call stack. If that is the case, you are probably better off granting
> > the permissions to all code, or restructuring the test to use the
> jtreg
> > java.security.policy option, where jtreg installs its own
> > SecurityManager to grant itself the proper permissions. However, that
> > will require some code changes and granting some additional
> permissions
> > to the test that are needed (for adding a security provider, etc)
> > before
> > it currently enables a SM. And that is probably more than you want
> > to do
> > for this fix.
> >
> > --Sean
> >
> > Tried it directly with jtreg
> > $ ~/jtreg/build/images/jtreg/bin/jtreg -jdk:./images/jdk/
> > ../test/jdk/java/security/SecureClassLoader/DefineClass.java
> > and it passes. Verified that removing the newly added permissions makes
> > it fail again.
> > There was some discussion on IPSupport and SecurityManagers when
> > IPSupport was first introduced:
> > https://markmail.org/message/vvemfm367ja3qllj
>
> Ok, the fix looks good then to me.
>
> --Sean
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/net-dev/attachments/20190522/f5656ac3/attachment-0001.html>
More information about the net-dev
mailing list