RFR: 8344220: Remove calls to SecurityManager and doPrivileged in java.net.InetAddress and sun.net.util.IPAddressUtil after JEP 486 integration
Jaikiran Pai
jpai at openjdk.org
Tue Nov 26 10:19:41 UTC 2024
On Tue, 26 Nov 2024 00:31:24 GMT, Aleksei Efimov <aefimov at openjdk.org> wrote:
> This PR removes calls to and mentions of the `SecurityManager` and the `doPrivileged` from the `java.net.InetAddress` and `sun.net.util.IPAddressUtil` and related classes.
>
> Noteworthy changes:
> - the default value (`30s`) of the `networkaddress.cache.ttl` security property responsible for successfull address lookups kept unchanged, the mention of SM removed from the property description in the `net-properties.html` file.
> - connect permission checks are removed from the `InetAddress`, and relevant classes, like `SocketPermission`. `SocketPermission.initEphemeralPorts` was also modified to remove `doPrivileged`.
> - `RuntimePermission("inetAddressResolverProvider")` permission has been removed from the system-wide `InetAddressResolver` initialization code.
>
> `tier1` to `tier3` tests show no relevant failures.
Should we clean up the comment in `InetAddressCachePolicy.checkValue()` which says:
/*
* If malicious code gets a hold of this method, prevent
* setting the cache policy to something laxer or some
* invalid negative value.
*/
Perhaps change that comment to just say:
// prevent setting the cache policy to something laxer
// or some invalid negative value.
That private method currently throws a `SecurityException` if the value being updated is rejected. Should it throw some other exception instead?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22376#issuecomment-2500213746
More information about the net-dev
mailing list