JEP 411 - Secure Java Distribution

Peter Firmstone peter.firmstone at zeus.net.au
Wed Jun 2 10:32:24 UTC 2021


Thanks Andrew,

I've been thinking about how to do this in a compatible manner.

The Guard.check call checks whether SecurityManager is enabled.

All permission checks in the JDK could be changed to call the 
Guard.check method.  Unfortunately other permission checks in user code 
will be broken, if they don't utilise this method, but often the most 
important permissions are those defined in JDK code.

If we modify this method to look for a provider that's outside the 
java.* namespace, then we have a point in the code where we can do 
something like SecurityManager, without requiring SecurityManager.

Next step will be to replace all AccessController and 
AccessControlContext uses in JDK code with another class outside the 
java.* namespace.

In the first instance, we allow SecurityManager, AccessController and 
AccessControlContext to behave in their degraded state, passing all JCK 
tests.

But then we can create providers to replace their functionality.

This is my current line of thought, as other classes will remain.

Subject.doAs could be an issue, so would need to consider how to manage 
that.

This seems the easiest way.

Then for backward compatibility, we make a tool that rewrites Java 
bytecode, to replace the calls to AccessController and 
AccessControlContext with compatible equivalents outside the java.* 
namespace in client code.  Then there's the case of removing any 
references to SecurityManager and looking for SecurityManager permission 
checks and replacing them with Guard.check.

Then we could potentially continue to support this functionality on 
later versions of Java without detonation.

Cheers,

Peter.


On 2/06/2021 7:35 pm, Andrew Haley wrote:
> On 6/1/21 10:06 AM, Peter Firmstone wrote:
>> If a vendor were to continue supporting SecurityManager and was
>> backporting from OpenJDK, if it passes the JCK with SecurityManager
>> disabled, that's still acceptable right?
> Look at the licence agreement in conjunction with the JCK users' guide.
> See the definition of “Compatible Licensee Implementation”.
>
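The following is an added illustration, not code from the JDK, from JEP 411 or from Peter's proposal, of the single check point the mail describes: a class outside the java.* namespace whose check behaves like the JDK's existing Permission.checkGuard (it calls SecurityManager.checkPermission only when a SecurityManager is installed) and otherwise falls through to a pluggable provider, or to a no-op in the "degraded state". The names GuardCheckExample, AccessCheck, PermissionCheckProvider and DenyAllProvider are assumptions made up for the example; the provider is registered with an explicit setter here to keep the demo self-contained, whereas a real design would more likely discover it via ServiceLoader.

```java
import java.io.FilePermission;
import java.security.Permission;

/**
 * Hypothetical illustration (not JDK code, not part of JEP 411) of a
 * permission check point that lives outside the java.* namespace.
 */
public final class GuardCheckExample {

    /** Hypothetical provider SPI; an assumed name, not a JDK interface. */
    public interface PermissionCheckProvider {
        void checkPermission(Permission perm) throws SecurityException;
    }

    /** Hypothetical stand-in for AccessController.checkPermission. */
    public static final class AccessCheck {
        private static volatile PermissionCheckProvider provider;

        /** Installs the replacement provider (a real design might use ServiceLoader). */
        public static void setProvider(PermissionCheckProvider p) {
            provider = p;
        }

        @SuppressWarnings("removal") // SecurityManager is deprecated for removal
        public static void check(Permission perm) {
            // Legacy path: identical to what Permission.checkGuard does today,
            // so nothing changes while a SecurityManager is installed.
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(perm);
                return;
            }
            // Provider path: a replacement outside java.* takes over the check.
            PermissionCheckProvider p = provider;
            if (p != null) {
                p.checkPermission(perm);
                return;
            }
            // Neither present: the "degraded state" in which checks pass silently.
        }
    }

    /** A deny-everything provider, used only to show the hook being exercised. */
    public static final class DenyAllProvider implements PermissionCheckProvider {
        @Override
        public void checkPermission(Permission perm) {
            throw new SecurityException("denied by provider: " + perm);
        }
    }

    /** Returns true if the check passed, false if it threw SecurityException. */
    static boolean tryCheck(Permission perm) {
        try {
            AccessCheck.check(perm);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample permission for the demo.
        Permission read = new FilePermission("/tmp/example.txt", "read");

        // No SecurityManager (the JDK 17+ default) and no provider: degraded state.
        System.out.println("degraded state, check passed: " + tryCheck(read));

        // Register a provider outside java.*; the same call site is now enforced.
        AccessCheck.setProvider(new DenyAllProvider());
        System.out.println("with provider, check passed:   " + tryCheck(read));
    }
}
```

Run with `java GuardCheckExample.java`; the first line prints `true` and the second `false`. The point of routing every JDK-internal check through one such method, as the mail suggests, is that the call sites never change: whether enforcement comes from a SecurityManager, from a provider, or from nothing at all is decided in one place.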
