RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization

Claes Redestad claes.redestad at oracle.com
Wed Jan 11 23:18:40 UTC 2017

Hi again,

On 2017-01-11 15:27, Claes Redestad wrote:
> Hi Adam,
> On 01/11/2017 02:34 PM, Adam Petcher wrote:
>> Please review the following bug fix:
>> http://cr.openjdk.java.net/~apetcher/8168075/webrev.00/
>> This fixes a bug in which a permission check would try to load
>> resources while the system class loader is being initialized.
>> Resources cannot be loaded at this time, so this change ensures that
>> the resources are loaded earlier.
> couldn't this be done in System.setSecurityManager rather than in a
> static block
> in SecurityManager?
> http://cr.openjdk.java.net/~redestad/scratch/8168075.alt/
> The provided EarlyLoad test still pass with this approach, and this
> would avoid loading a few
> classes and a resource bundle when not installing a security manager
> (the SecurityManager class is always loaded on bootstrap).

it turns out this isn't actually an issue: the SecurityManager class is
loaded very early during bootstrap by the VM, but not initialized
unless actually created (this can be seen by comparing -Xlog:class+load
and -Xlog:class+init output).  Thus for the purposes of startup then
the original patch was OK.



More information about the security-dev mailing list