Code Review request for 7050329

Sean Mullan sean.mullan at
Thu Jun 2 07:03:00 PDT 2011

On 6/2/11 9:36 AM, Alan Bateman wrote:
> Sean Mullan wrote:
>> Hi Alan,
>> Would you be able to review my fix for 7050329? In the fix, I removed the
>> dependency on the java.ext.dirs system property and the default java.policy
>> file, which may contain implementation-specific content and thus could vary on
>> JREs from other vendors.
>> (Note that the bug hasn't appeared on yet)
>> Thanks,
>> Sean
> Looks okay to me. I assume a simpler fix would be to just change the split to
> use the path separator rather than ":".

Yes, but I wanted to completely avoid any dependency and potential additional 
parsing issues on java.ext.dirs, which can be extended to contain additional 
directories, etc.

Similarly, I could not find a standard that *explicitly* states the default 
java.policy file must grant AllPermission to standard extensions. It is sort of 
implied by [1], but still not explicit in my opinion.

Although I think it would be very rare to fail because of those cases, I still 
think this fix is better because it eliminates any doubt about that.



More information about the security-dev mailing list