RFR 8159528: Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth

Sean Mullan sean.mullan at oracle.com
Tue Jul 12 14:31:23 UTC 2016


Did you try to grant less than AllPermission to these modules?

In PrincipalName.java, you can use diamond on line 206:

     return AccessController.doPrivileged(new PrivilegedAction<>() {

Looks ok otherwise.

--Sean

On 07/11/2016 04:15 AM, Weijun Wang wrote:
> Hi All
>
> Please review the code change at
>
>         dev: http://cr.openjdk.java.net/~weijun/8159528/dev/webrev.00
>     dev/jdk: http://cr.openjdk.java.net/~weijun/8159528/jdk/webrev.00
>
> Some notes on the jdk changes:
>
> 1. java.policy: I just append the new grants to the end of the file
> (before the common block). There seems to be no special order. Also, new
> RFEs will be filed to refine the permissions granted.
>
> 2. KerberosSecrets.java and PrincipalName.java cannot get Unsafe as
> before. I copied this hack from Nashorn.
>
> 3. The SSL.java test fails because of another bug [1]. Workaround added.
>
> 4. Other tests use the new java.security.policy @run option because the
> system default java.policy must also be included.
>
> Thanks
> Max
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8161101

