Review request: 8040059 Change default policy for extensions to no permission

Mandy Chung mandy.chung at oracle.com
Tue Apr 22 22:36:31 UTC 2014


On 4/22/14 2:54 PM, Bernd Eckenfels wrote:
> Hello,
>
> I do like to restrict the permissions granted, especially for client
> deployments.
>
> In a related note: why is JavaFX shipped by default as an extension?

JavaFX is coinstalled with Oracle JDK and not in the OpenJDK.  I will 
take out jfxrt.jar from the java.policy and the build should augment the 
system java.policy with any cobundled/coinstalled components.

Thanks for bringing up this question.  I neglected to mention the open 
question to follow up on: how we want to build the system java.policy.  
There are platform-specific jar files and also different jar files in 
the Oracle JDK build.  I currently list them all in java.policy in this 
initial patch.  One solution is to have one version of java.policy for 
each OS.  However, this will suffer from the maintenance burden and is 
also error-prone, as the current java.security file is.  I'd like to get 
feedback from the security team before attempting to modify the makefiles.

> Or better asked, how is the admin in the future supposed to maintain a
> minimum JRE? Randomly deleting extension jars? Would it be better to
> ship the JAR only in a dir where they CAN be added to the classpath,
> but are not by default (similar to javadb/derby).

Jigsaw/Modularity would be the answer and that will allow you to install 
the modules you want.

JFX is not built with OpenJDK. Are you questioning why JavaFX is 
coinstalled with Oracle JDK?

Mandy

>
> Regards
> Bernd
>
> On Tue, 22 Apr 2014 12:39:57 -0700,
> Mandy Chung <mandy.chung at oracle.com> wrote:
>
>> This change proposes to remove granting all permissions for
>> extensions as the default and implements the principle of least
>> privilege. In JDK 9, we want to reduce the privileges of as many
>> system classes as possible.
>>
>> http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/
>>
>> This patch has reduced the zipfs, localedata and cldrdata to grant
>> the permissions they require.  It grants AllPermission to other jar
>> files in the lib/ext directory shipped with JDK and this change is
>> intended to enable the component teams to identify the minimum
>> permissions and fix any issue, if any.
>>
>> Libraries installed in the extensions directory depending on
>> AllPermission granted by default are impacted. Making this change
>> early in JDK 9 allows us to identify any customer impacted by this
>> change.
>>
>> Mandy
>>
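
An added example, not part of the thread or the webrev: a small audit that parses java.policy text and reports which grant entries still hand out java.security.AllPermission, the situation the proposal moves away from. The sample policy is constructed for illustration; the zipfs.jar permissions shown are assumptions, not the set from the patch.

```python
import re

# Constructed sample policy (illustrative; not the file from the webrev).
SAMPLE_POLICY = r'''
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;   // blanket grant to all extensions
};
grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.lang.RuntimePermission "fileSystemProvider";
};
grant codeBase "file:${java.home}/lib/ext/jfxrt.jar" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "java.version", "read";
};
'''

# Quoted strings are matched first so "file://..." is never taken for a comment.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/', re.S)
# grant <header> { <body> }; braces inside quotes (${{java.ext.dirs}}) are skipped.
_GRANT = re.compile(r'\bgrant\b((?:[^{"]|"[^"]*")*)\{((?:[^}"]|"[^"]*")*)\}\s*;', re.S)
_CODEBASE = re.compile(r'\bcodeBase\s+"([^"]*)"', re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)')

def parse_grants(text):
    """Return [(codeBase or None, [permission class names])] per grant entry."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    grants = []
    for header, body in _GRANT.findall(text):
        cb = _CODEBASE.search(header)
        grants.append((cb.group(1) if cb else None, _PERM.findall(body)))
    return grants

def audit(text):
    """List grant entries that give AllPermission, with how widely they apply."""
    findings = []
    for codebase, perms in parse_grants(text):
        if "java.security.AllPermission" in perms:
            # No codeBase, or a trailing /* or /- wildcard, covers many jars at once.
            wide = codebase is None or codebase.endswith(("/*", "/-"))
            findings.append((codebase, "broad" if wide else "single jar"))
    return findings

if __name__ == "__main__":
    for codebase, scope in audit(SAMPLE_POLICY):
        print(f"AllPermission -> {codebase or '<no codeBase>'} ({scope})")
```

Run against a deployed java.policy, "broad" findings are the entries that any jar dropped into the covered directory inherits; "single jar" findings are the per-component grants still waiting to be reduced.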


