[security-dev 01141]: TimeZone.setDefaultZone() permission check change between 6 and 7
Mark Wielaard
mjw at redhat.com
Fri Aug 28 17:09:29 UTC 2009
Hi,
While investigating a bug report reported by one of the JBoss hackers:
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=381
"Stackoverflow error with security manager, signed jars and
-Djava.security.debug set", I noticed there is a change in permission
check between openjdk6 and openjdk7 with respect to the
TimeZone.setDefaultZone() method.
Attached is the diff. The first change is similar to what I would have
suggested. But I am not sure about the second change.
I couldn't find a commit or bug report for this issue. Does someone
remember why the changes were made? I would like to backport them to 6.
Thanks,
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: TimeZone.diff
Type: text/x-patch
Size: 692 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20090828/d9561d0e/TimeZone.diff>
More information about the security-dev
mailing list