Theoretical data race on java.util.logging.Handler.sealed

Peter Levart peter.levart at
Wed Dec 18 17:03:49 UTC 2013

On 12/17/2013 06:43 PM, Mandy Chung wrote:
> Can you check what methods are called by the constructors whose access 
> are denied in the current implementation but granted in the patch?  I 
> have to take another look to make sure but I believe they only calls 
> the methods in the handler classes that calls Handler.checkPermission.
> Mandy

Hi Mandy, Daniel,

Here's yet another variant that reduces the doPrivileged code to just 
Handler's setters. This way no LogManager methods are invoked under 
elevated privilege:

I also factored-out common code into a single package-private 
Handler.configure() method + two package-private getters that provide 
this method with different defaults for different Handler subclasses. 
configure() is in this variant called only in immediate Handler 
subclasses: MemoryHandler & StreamHandler and not in SocketHandler or 
ConsoleHandler. Each property is only set once this way at construction 
time - current code sets each property twice in SocketHandler or 

SocketHandler's output stream is set with privileged action in both 
cases: whether constructed with configured or specified host/port.

Regards, Peter

More information about the core-libs-dev mailing list