Request - Preparation for removal of SecurityManager
Alan Bateman
Alan.Bateman at oracle.com
Wed Oct 26 06:24:49 UTC 2022
On 26/10/2022 02:58, Peter Firmstone wrote:
> :
>
> Using the existing permission check hooks in the JDK allows us to
> significantly speed up our development efforts. Each time a
> permission check hook is removed, we will need to replace it with
> instrumentation. I was hoping this could be done in a controlled manner.
>
The permission checks in the JDK might give you a baseline for what you
want to do right now but once the ability the set a SM goes away then
you have to assume those permission checks will rapidly bit rot and be
removed. The JDK code is constantly changing and features are added in
most releases. Most new features would have historically interacted with
the SM in some way. So trying to instrument everywhere where a
permission check might live will be a lot of work. It will mean keeping
up with all code changes and all new features, it will give you a
sensitive of the effort to keep the SM execution mode working security
today.
-Alan
More information about the security-dev
mailing list