[External] : Re: PrivilegedAction et al and JEP411
Ron Pressler
ron.pressler at oracle.com
Thu Jun 22 11:00:34 UTC 2023
> On 22 Jun 2023, at 02:21, Peter Firmstone <peter.firmstone at zeus.net.au> wrote:
>
> This discussion on OpenSearch is worth a read. https://github.com/opensearch-project/OpenSearch/issues/1687
The cross-platform API (SystemCallFilter) is something that looks like it would make for an interesting separate library.
I am well aware that there are things that SM could do that OS-level protection couldn’t, but the delta is small (although it isn’t small in the other direction). That thread essentially says, “why not have both?” That’s irrational from the perspective of prioritising investment. Even from the security perspective alone there are better gains elsewhere.
— Ron
More information about the security-dev
mailing list