RFR: 8155775: Re-examine naming of privileged methods to access System properties
Sean Mullan
sean.mullan at oracle.com
Mon May 2 15:01:22 UTC 2016
On 05/02/2016 10:15 AM, Sean Mullan wrote:
> This looks good. Just a couple of comments:
>
> * src/java.base/share/classes/java/util/TimeZone.java
>
> 698 props.setProperty("user.timezone", id);
>
> This will only change the local copy of the property. I think you want
> to keep the original code which does a System.setProperty.
Ignore this comment. I missed the fact that System.getProperties()
returns the props field without any defensive cloning.
--Sean
More information about the security-dev
mailing list