Review request: 8040059 Change default policy for extensions to no permission

Mandy Chung mandy.chung at oracle.com
Tue Apr 22 19:39:57 UTC 2014


This change proposes to remove granting all permissions for extensions 
as the default and implements the principle of least privilege.In JDK 9, 
we want to reduce the privileges of as many system classes as possible.

http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/

This patch has reduced the zipfs, localedata and cldrdata to grant the 
permissions they require.  It grants AllPermission to other jar files in 
the lib/ext directory shipped with JDK and this change is intended to 
enable the component teams to identify the minimum permissions and fix 
any issue, if any.

Libraries installed in the extensions directory depending on 
AllPermission granted by default are impacted.   Making this change as 
early in JDK 9 allows us to identify any customer impacted by this change.

Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20140422/c893f05d/attachment.html>


More information about the security-dev mailing list