Review request: 8040059 Change default policy for extensions to no permission
Mandy Chung
mandy.chung at oracle.com
Tue Apr 22 19:39:57 UTC 2014
This change proposes to remove granting all permissions for extensions
as the default and implements the principle of least privilege.In JDK 9,
we want to reduce the privileges of as many system classes as possible.
http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/
This patch has reduced the zipfs, localedata and cldrdata to grant the
permissions they require. It grants AllPermission to other jar files in
the lib/ext directory shipped with JDK and this change is intended to
enable the component teams to identify the minimum permissions and fix
any issue, if any.
Libraries installed in the extensions directory depending on
AllPermission granted by default are impacted. Making this change as
early in JDK 9 allows us to identify any customer impacted by this change.
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20140422/c893f05d/attachment.htm>
More information about the security-dev
mailing list