RFR: 8155775: Re-examine naming of privileged methods to access System properties
Claes Redestad
claes.redestad at oracle.com
Mon May 2 18:21:07 UTC 2016
On 2016-05-02 16:15, Sean Mullan wrote:
> This looks good.
Thanks!
>
> * src/java.base/share/classes/jdk/Version.java
>
> This is not an issue in your changes, but the current javadoc for
> Version.current() says:
>
> 266 * @throws SecurityException
> 267 * If a security manager exists and its {@link
> 268 * SecurityManager#checkPropertyAccess(String)
> 269 * checkPropertyAccess} method does not allow access
> to the
> 270 * system property "java.version"
>
> but this can never occur since the code is wrapping the call to
> System.getProperty("java.version") in doPrivileged, so the caller's
> permissions are never checked.
>
> I think that this is a bug in the javadoc of this method and that it
> should not be specified to throw SecurityException. All code already
> has permission to read "java.version" in the default java.policy file.
> Can you file a followon bug to have this fixed?
Filed: https://bugs.openjdk.java.net/browse/JDK-8155853
/Claes
More information about the security-dev
mailing list