RFR: 8155775: Re-examine naming of privileged methods to access System properties
Sean Mullan
sean.mullan at oracle.com
Tue May 10 14:57:46 UTC 2016
On 5/9/16 11:44 PM, Wang Weijun wrote:
> I have a related question.
>
> There are some places in JDK that use doPrivileged to read "os.name" etc. This system property is in the default java.policy file
>> On May 2, 2016, at 10:15 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> This is not an issue in your changes, but the current javadoc for Version.current() says:
>>
>> * @throws SecurityException
>> * If a security manager exists and its {@link
>> * SecurityManager#checkPropertyAccess(String)
>> * checkPropertyAccess} method does not allow access to the
>> * system property "java.version"
>>
>> but this can never occur since the code is wrapping the call to System.getProperty("java.version") in doPrivileged, so the caller's permissions are never checked.
>>
>> I think that this is a bug in the javadoc of this method and that it should not be specified to throw SecurityException. All code already has permission to read "java.version" in the default java.policy file.
>
> Can you clarify?
>
> If a system property is listed in the default java.policy file, shall we use or not use doPrivileged() to read it inside JDK? I thought the answer is yes because the policy file could be modified.
Yes, you should use doPrivileged in that case, since the policy can be
modified so you don't necessarily know that the caller has permission to
read that property. System.getProperty will still perform a security check.
--Sean
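
The behaviour discussed in this thread, as an added example that is not part of the original message or of the JDK sources: a direct `System.getProperty` call is checked against the caller's permissions, while the same call inside `doPrivileged` is checked only against the wrapping code's own protection domain. The class name, the helper names, the allow-all `Policy` and the empty caller context are assumptions made for illustration, and it needs a JDK on which a `SecurityManager` can still be installed.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class DoPrivilegedDemo {
    // Hypothetical helper standing in for JDK-internal code: doPrivileged stops the
    // stack walk here, so only this class's protection domain is checked.
    static String privilegedGet(String key) {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    // Direct read: every domain on the calling stack must hold the PropertyPermission.
    static String directGet(String key) {
        try {
            return System.getProperty(key);
        } catch (SecurityException e) {
            return "DENIED (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Assumption: grant this class everything, as the JDK's own code is granted.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        // Constructed caller context with an empty permission set, modelling a
        // modified policy that no longer grants read access to "os.name".
        AccessControlContext noPermissions = new AccessControlContext(
                new ProtectionDomain[] {new ProtectionDomain(null, new Permissions())});

        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.out.println("direct:     " + directGet("os.name"));
            System.out.println("privileged: " + privilegedGet("os.name"));
            return null;
        }, noPermissions);
    }
}
```

The direct read reports an access-denied `SecurityException` for the `PropertyPermission` on `os.name`, and the privileged read returns the value, because the security check still runs but only against the helper's own domain.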