RFR: 8155775: Re-examine naming of privileged methods to access System properties

Sean Mullan sean.mullan at oracle.com
Mon May 2 15:01:22 UTC 2016


On 05/02/2016 10:15 AM, Sean Mullan wrote:
> This looks good. Just a couple of comments:
>
> * src/java.base/share/classes/java/util/TimeZone.java
>
> 698         props.setProperty("user.timezone", id);
>
> This will only change the local copy of the property. I think you want
> to keep the original code which does a System.setProperty.

Ignore this comment. I missed the fact that System.getProperties() 
returns the props field without any defensive cloning.

--Sean



More information about the security-dev mailing list