RFR 8043406: Change default policy for JCE providers to run with as few privileges,as possible
Valerie Peng
valerie.peng at oracle.com
Thu Jun 26 21:33:01 UTC 2014
Updated the webrev in place (still at webrev.01), now that Mandy has
putback'ed her fix for the ClassLoader.loadLibrary issue.
Thanks,
Valerie
On 6/20/2014 3:30 PM, Valerie Peng wrote:
>
> Webrev is updated at:
> http://cr.openjdk.java.net/~valeriep/8043406/webrev.01
> Sure, I will file a bug after Mandy's confirmation.
> Thanks,
> Valerie
>
> On 6/20/2014 8:46 AM, Sean Mullan wrote:
>> 36 // Needed by Runtime.loadLibrary(String) call
>> 37 permission java.io.FilePermission "<<ALL FILES>>", "read";
>>
>> It seems like this is due to a bug in Runtime.loadLibrary, since you
>> have already granted the provider the permission to load the library.
>> I think possibly the call to ClassLoader.loadLibrary should be inside
>> a doPrivileged. The workaround is ok for now, but can you file a
>> separate bug for this?
>>
>> --Sean
>>
>> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>>> Sean,
>>>
>>> Not sure if you can get to reviewing this before your vacation.
>>> If not, I will find someone else to help...
>>>
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>>>
>>> Thanks,
>>> Valerie
More information about the security-dev
mailing list