[External] : Re: JEP 411, removal of finalizers, a path forward.
Peter Firmstone
peter.firmstone at zeus.net.au
Wed Aug 4 01:23:47 UTC 2021
Maybe we need some criteria, that defines what's not easily instrumented?
On 4/08/2021 10:19 am, Peter Firmstone wrote:
>
> Excellent, Ron, that's exactly what I'm after.
>
> I need to be able to implement an authorization layer on top of the
> JDK, but reach down into the JDK to use authorization to control access.
>
> Can we find out how many such checks that OpenJDK is prepared to
> support, then we will pick the most important?
>
> Don't worry about ClassLoader, I can instrument that (thank you Erik),
> and maybe I can instrument Properties, and System.exit. So basically
> things we can't easily instrument with agents, that everybody is most
> likely to want.
>
> * Network access
> * File System access
> * User Credentials
>
> Maybe we should have a mailing list dedicated to this where we can
> discuss and potentially collaborate?
>
> Regards,
>
> Peter.
>
> On 3/08/2021 10:15 pm, Ron Pressler wrote:
>>> On 3 Aug 2021, at 12:50, Peter Firmstone<peter.firmstone at zeus.net.au> wrote:
>>>
>>> Can you think of any workable alternative compromises?
>> If you mean a compromise between no access checks in the JDK and all access checks in the JDK, then yes,
>> which is possibly some callbacks for a small subset of operations that perform access checks today,
>> say, System.exit and opening a file or socket. I am not saying this is what should be done, but that the
>> effort involved is such that I can conceivably see those whose responsibility this would be agreeing to
>> consider it, as the value in such a mechanism might end up being worthy of that amount of effort. But I’m
>> guessing that the more such hooks are requested, the less likely it is that the cost remains acceptable.
>>
>> — Ron
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210804/6abd6ef9/attachment.htm>
More information about the security-dev
mailing list