New candidate JEP: 486: Permanently Disable the Security Manager
Alan Bateman
alan.bateman at oracle.com
Thu Sep 26 19:21:00 UTC 2024
On 26/09/2024 15:04, Lothar Kimmeringer wrote:
> :
>
> When looking for this the past couple of years since this topic
> came up, I haven't found any concept for a replacement for canExit
> and only "use some feature on the OS-level the application runs on"
> as replacement for canExec. The latter would destroy our application's
> platform independence which was the reason it was developed in Java
> in the first place 20 years ago.
I assume you mean "checkExit" rather than "canExit". The recommendation
in the JEP is use an agent to intercept the usages of System.exit,
there's a basic example to get started.
You can do the same to intercept code that uses the Runtime.exec or
ProcessBuilder APIs.
-Alan
More information about the security-dev
mailing list