PrivilegedAction et al and JEP411

chap at anastigmatix.net
Sun Jun 18 22:42:17 UTC 2023


On 2023-06-18 08:15, Alan Bateman wrote:
> Once the SM operating mode goes away then I would expect most usages of 
> privileged actions in the JDK can be removed. Leaving them for an 
> "authorization layer" to instrument would be misleading. Existing 
> usages will quickly bit rot. It would also be a tax on all future 
> features and all ongoing maintenance.

Perhaps it would be more feasible to look at some lower-hanging
fruit, such as making sure all file accesses go through the default
filesystem implementation (once that is imposed at startup, of course);
sockets can be controlled with socket factories, similarly for
processes, and so on.

Is the intention to have all system properties (even those that
contain critical platform information) be writable as a free-for-all,
or will there be some means to limit writing of those?

Regards,
Chapman Flack
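The question above, whether there will be some means to limit writes to platform-critical system properties once the Security Manager is gone, can be tried out at the application level today. The following is an added example, not code from this thread or from the JDK: it installs, via System.setProperties, a Properties subclass that refuses writes to a hypothetical set of protected keys. The class name GuardedSystemProperties, the contents of the PROTECTED set and the use of Java 16+ pattern-matching instanceof are assumptions of this example. The main method also demonstrates the limit of the approach: with no SecurityManager, any code can call System.setProperties again and discard the guard.

```java
import java.util.Map;
import java.util.Properties;
import java.util.Set;

/**
 * Hypothetical application-level guard (added example, not JDK code): a Properties
 * subclass installed through System.setProperties that rejects writes to keys
 * describing the platform. Without a SecurityManager nothing prevents other code
 * from calling System.setProperties(...) again, so this catches accidental writes,
 * not a hostile caller. Note also that the JDK reads several of these values once
 * at startup into internal static fields, so a later overwrite does not change
 * what the JDK itself uses, only what System.getProperty reports to callers.
 */
public final class GuardedSystemProperties extends Properties {

    // Assumed set of protected keys; adjust for the deployment in question.
    private static final Set<String> PROTECTED = Set.of(
            "java.home", "java.version", "java.class.path", "os.name",
            "user.home", "java.nio.file.spi.DefaultFileSystemProvider");

    private GuardedSystemProperties(Properties current) {
        // Seed the guarded copy with the live values; super.putAll bypasses the check.
        super.putAll(current);
    }

    /** Replace the live System properties with a guarded copy of the current ones. */
    public static void install() {
        System.setProperties(new GuardedSystemProperties(System.getProperties()));
    }

    private static void check(Object key) {
        if (key instanceof String s && PROTECTED.contains(s)) {
            throw new IllegalStateException("write to protected system property: " + s);
        }
    }

    // System.setProperty(k, v) calls Properties.setProperty, which calls put; the
    // other mutators are overridden because Properties routes them straight to its
    // backing map rather than through put.
    @Override public synchronized Object put(Object key, Object value) {
        check(key); return super.put(key, value);
    }
    @Override public synchronized Object remove(Object key) {
        check(key); return super.remove(key);
    }
    @Override public synchronized void putAll(Map<?, ?> t) {
        t.keySet().forEach(GuardedSystemProperties::check); super.putAll(t);
    }
    @Override public synchronized Object putIfAbsent(Object key, Object value) {
        check(key); return super.putIfAbsent(key, value);
    }
    @Override public synchronized Object replace(Object key, Object value) {
        check(key); return super.replace(key, value);
    }
    @Override public synchronized void clear() {
        throw new IllegalStateException("clearing system properties is not permitted");
    }

    public static void main(String[] args) {
        install();
        System.setProperty("app.mode", "demo");               // ordinary key: allowed
        System.out.println("app.mode=" + System.getProperty("app.mode"));
        try {
            System.setProperty("java.home", "/tmp/not-a-jdk"); // platform key: rejected
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("java.home still " + System.getProperty("java.home"));

        // The gap this cannot close without a SecurityManager: any code may discard
        // the guard. setProperties(null) reinitialises the properties from the
        // values recorded at VM startup, unguarded.
        System.setProperties(null);
        System.setProperty("java.home", "/tmp/not-a-jdk");    // now succeeds
        System.out.println("after reset: " + System.getProperty("java.home"));
    }
}
```

Run with `java GuardedSystemProperties.java` (Java 16 or later). The second half of main is the point relevant to the thread: the guard holds only as long as no caller replaces the Properties object, which is exactly the kind of check the Security Manager used to supply and an application-level wrapper cannot.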