[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject

Weijun Wang weijun.wang at oracle.com
Thu Aug 23 14:00:23 UTC 2018


This follows the convention of ObjectInputStream::setObjectInputFilter. IMHO, in that case the caller also creates the filter and it's only set on this input stream.

Maybe we shouldn't have added the permission check there?

Thanks
Max

> On Aug 23, 2018, at 4:55 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> One thing I am curious about. Is there a reason why getObject(ObjectInputFilter) requires a permission check?
> 
> In this case, the caller is the one creating the filter and passing it in, so the caller can only cause harm to themselves, and the ObjectInputStream is a local variable which is not returned. This method also does not mutate the contents of the SignedObject (or SealedObject) ... so I don't see the risk here. I think you can just wrap ObjectInputStream.setObjectInputFilter in doPrivileged.
> 
> --Sean
> 
> On 8/22/18 2:37 AM, Weijun Wang wrote:
>> Updated webrev at
>>    http://cr.openjdk.java.net/~weijun/8193859/webrev.02/
>> Changes:
>> 1) More spec change
>>    - describing the filter in class spec
>>    - mentioning the system filter in existing getObject() methods
>>    - add "@throws InvalidClassException" to all getObject() methods
>> 2) More test cases
>>    - check SecurityException when a security manager is set
>>    - set the system filter to see how existing getObject() works
>> The 2 tests are very similar but they belong to jdk_security1 and jdk_security2. Therefore I haven't combined them.
>> Thanks
>> Max
>>> On Aug 17, 2018, at 10:56 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> Please take a review at the updated webrev at
>>> 
>>>   http://cr.openjdk.java.net/~weijun/8193859/webrev.01
>>> 
>>> Changes only in doc, including
>>> 
>>> 1) The "2018-8-15 updates" in the CSR [1]
>>> 
>>> 2) formatting
>>> 
>>> Thanks
>>> Max
>>> 
>>> [1] https://bugs.openjdk.java.net/browse/JDK-8193887
>>> 
>>>> On Aug 14, 2018, at 11:19 PM, Roger Riggs <Roger.Riggs at Oracle.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> On 8/14/2018 10:59 AM, Weijun Wang wrote:
>>>>> 
>>>>> s/initial process-wide filter/system filter/?
>>>> 
>>>> yes
>>>> 
>>>> Roger
>>>> 
>>>>> 
>>>>> --Max
>>>>> 
>>>>>> [1]    8202675  Replace process-wide terminology in serial filtering to be consistent
>>>>>> 
>>>>>> Regards, Roger
>>>>>> 
>>>>> 
>>>> 
>>> 
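The mechanism the thread is arguing about, as an added example that is not part of the webrev or of the JDK itself: a caller-created ObjectInputFilter applied to a local ObjectInputStream, with the setObjectInputFilter call wrapped in doPrivileged as Sean suggests. The Payload class and the readWithFilter helper are assumptions for this example; the proposed getObject(ObjectInputFilter) overload is not called directly because its final shape is still under review above.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical payload type, constructed only for this example.
final class Payload implements Serializable {
    private static final long serialVersionUID = 1L;
    final String value;
    Payload(String value) { this.value = value; }
}

public class FilteredDeserializeExample {

    // Mirrors what a filter-aware getObject would do internally: the stream is a
    // local variable that is never returned, the filter comes from the caller,
    // and the setObjectInputFilter call (guarded by
    // SerializablePermission("serialFilter") when a security manager is set) is
    // wrapped in doPrivileged so a caller without that permission can still
    // restrict its own deserialization. Assumed helper, not JDK API.
    static Object readWithFilter(byte[] bytes, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                     new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                ois.setObjectInputFilter(filter);
                return null;
            });
            return ois.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Payload("hello"));

        // Allow-list only the expected class plus the java.base types the
        // stream itself needs; reject everything else ("!*").
        ObjectInputFilter allowPayload =
                ObjectInputFilter.Config.createFilter("Payload;java.base/*;!*");
        Payload p = (Payload) readWithFilter(bytes, allowPayload);
        System.out.println("accepted: " + p.value);

        // A filter that rejects Payload makes readObject fail with
        // InvalidClassException, which is the exception the webrev documents
        // on the getObject methods.
        ObjectInputFilter rejectAll = ObjectInputFilter.Config.createFilter("!*");
        try {
            readWithFilter(bytes, rejectAll);
            System.out.println("unexpected: rejectAll did not reject");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with a JDK 9 or later. The doPrivileged wrapper only matters while a security manager is installed; the Security Manager was deprecated for removal in JDK 17 and permanently disabled in JDK 24, after which the permission question discussed in this thread no longer arises, but a caller-supplied filter remains the right way to limit what a getObject call will deserialize.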