RFR: 8155775: Re-examine naming of privileged methods to access System properties

Claes Redestad claes.redestad at oracle.com
Mon May 2 18:21:07 UTC 2016



On 2016-05-02 16:15, Sean Mullan wrote:
> This looks good. 

Thanks!

>
> * src/java.base/share/classes/jdk/Version.java
>
> This is not an issue in your changes, but the current javadoc for 
> Version.current() says:
>
>  266      * @throws  SecurityException
>  267      *          If a security manager exists and its {@link
>  268      *          SecurityManager#checkPropertyAccess(String)
>  269      *          checkPropertyAccess} method does not allow access 
> to the
>  270      *          system property "java.version"
>
> but this can never occur since the code is wrapping the call to 
> System.getProperty("java.version") in doPrivileged, so the caller's 
> permissions are never checked.
>
> I think that this is a bug in the javadoc of this method and that it 
> should not be specified to throw SecurityException. All code already 
> has permission to read "java.version" in the default java.policy file. 
> Can you file a followon bug to have this fixed?

Filed: https://bugs.openjdk.java.net/browse/JDK-8155853

/Claes



More information about the security-dev mailing list