RFR (JDK 12): 6899533: SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission
mandy chung
mandy.chung at oracle.com
Thu Sep 6 20:22:55 UTC 2018
On 9/6/18 12:29 PM, Sean Mullan wrote:
> Please review this change to remove code that is no longer necessary
> now that pre-JDK 1.2 SecurityManager methods are no longer supported
> [1]. In addition, the initialized flag and associated code has been
> removed from SecureClassLoader as this was only necessary to prevent
> finalizer attacks prior to JDK 6.
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/6899533/webrev.00/
> bug: https://bugs.openjdk.java.net/browse/JDK-6899533
Looks good. Happy to see this is cleaned up.
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180906/54f10fc6/attachment.htm>
More information about the security-dev
mailing list