[External] : Re: JEP 411, removal of finalizers, a path forward.

Peter Firmstone peter.firmstone at zeus.net.au
Wed Aug 4 01:23:47 UTC 2021


Maybe we need some criteria, that defines what's not easily instrumented?

On 4/08/2021 10:19 am, Peter Firmstone wrote:
>
> Excellent, Ron, that's exactly what I'm after.
>
> I need to be able to implement an authorization layer on top of the 
> JDK, but reach down into the JDK to use authorization to control access.
>
> Can we find out how many such checks that OpenJDK is prepared to 
> support, then we will pick the most important?
>
> Don't worry about ClassLoader, I can instrument that (thank you Erik), 
> and maybe I can instrument Properties, and System.exit. So basically 
> things we can't easily instrument with agents, that everybody is most 
> likely to want.
>
>   * Network access
>   * File System access
>   * User Credentials
>
> Maybe we should have a mailing list dedicated to this where we can 
> discuss and potentially collaborate?
>
> Regards,
>
> Peter.
>
> On 3/08/2021 10:15 pm, Ron Pressler wrote:
>>> On 3 Aug 2021, at 12:50, Peter Firmstone<peter.firmstone at zeus.net.au>  wrote:
>>>
>>> Can you think of any workable alternative compromises?
>> If you mean a compromise between no access checks in the JDK and all access checks in the JDK, then yes,
>> which is possibly some callbacks for a small subset of operations that perform access checks today,
>> say, System.exit and opening a file or socket. I am not saying this is what should be done, but that the
>> effort involved is such that I can conceivably see those whose responsibility this would be agreeing to
>> consider it, as the value in such a mechanism might end up being worthy of that amount of effort. But I’m
>> guessing that the more such hooks are requested, the less likely it is that the cost remains acceptable.
>>
>> — Ron

-- 
Regards,
  
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20210804/6abd6ef9/attachment-0001.htm>


More information about the security-dev mailing list