RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization
Wang Weijun
weijun.wang at oracle.com
Thu Jan 12 01:14:33 UTC 2017
Is there a valid case where a security manager is created but not set?
--Max
> On Jan 12, 2560 BE, at 7:18 AM, Claes Redestad <claes.redestad at oracle.com> wrote:
>
> Hi again,
>
> On 2017-01-11 15:27, Claes Redestad wrote:
>> Hi Adam,
>>
>> On 01/11/2017 02:34 PM, Adam Petcher wrote:
>>> Please review the following bug fix:
>>>
>>> http://cr.openjdk.java.net/~apetcher/8168075/webrev.00/
>>>
>>> This fixes a bug in which a permission check would try to load
>>> resources while the system class loader is being initialized.
>>> Resources cannot be loaded at this time, so this change ensures that
>>> the resources are loaded earlier.
>>>
>>
>> couldn't this be done in System.setSecurityManager rather than in a
>> static block
>> in SecurityManager?
>>
>> http://cr.openjdk.java.net/~redestad/scratch/8168075.alt/
>>
>> The provided EarlyLoad test still pass with this approach, and this
>> would avoid loading a few
>> classes and a resource bundle when not installing a security manager
>> (the SecurityManager class is always loaded on bootstrap).
>
> it turns out this isn't actually an issue: the SecurityManager class is
> loaded very early during bootstrap by the VM, but not initialized
> unless actually created (this can be seen by comparing -Xlog:class+load
> and -Xlog:class+init output). Thus for the purposes of startup then
> the original patch was OK.
>
> Thanks!
>
> /Claes
>
More information about the security-dev
mailing list