Should System.exit be controlled by a Scope Local?

Ethan McCue ethan at mccue.dev
Mon Feb 28 14:58:43 UTC 2022


Where would be a good place to do that sort of surveying? The mechanism
does not seem to be that popular in open source software (though that does
make a degree of sense), or at least the software grep.app scans.

https://grep.app/search?q=permission.getName%28%29.startsWith%28%22exitVM%22%29


On Mon, Feb 28, 2022 at 9:05 AM Alan Bateman <Alan.Bateman at oracle.com>
wrote:

> On 26/02/2022 22:14, Ethan McCue wrote:
> > I have a feeling this has been considered and I might just be articulating
> > the obvious - but:
> >
> > As called out in JEP 411, one of the remaining legitimate uses of the
> > Security Manager is to intercept calls to System.exit. This seems like a
> > decent use case for the Scope Local mechanism.
> >
> I think it was mostly convenience to use the SM to intercept calls to
> System.exit as it's not really security when all other permissions are
> granted.
>
> There have been a few prototypes of APIs in this area but none made to
> the level of a good proposal. Using a SL or even TL set/remove is
> interesting but you might want to survey some of the existing usages to
> see if they are really stack confined. At least some of the uses have
> been container applications with plugins that accidentally call
> System.exit when running code not intended to run that way. I don't
> think there is any guarantee that they run completely in the same thread
> but some may do.
>
> -Alan
>
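
For reference, the Security Manager pattern that the grep.app query above matches, written out as an added example (not code from either poster or from the JDK). ExitTrapDemo, NoExitSecurityManager and ExitTrapped are hypothetical names, and it assumes a JDK release that still allows System.setSecurityManager at run time (newer releases require -Djava.security.manager=allow or do not support it at all). The second call shows that the hook is JVM-wide rather than confined to one thread's stack, which is the property a survey of existing usages would need to check for.

```java
import java.security.Permission;

// Added illustration; all class names here are hypothetical.
public class ExitTrapDemo {

    /** Thrown in place of terminating the JVM. */
    static final class ExitTrapped extends SecurityException {
        ExitTrapped(String permissionName) {
            super("blocked " + permissionName);
        }
    }

    /** Grants every permission except exitVM.<status>. */
    @SuppressWarnings("removal")
    static final class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission permission) {
            // System.exit(n) is checked as RuntimePermission("exitVM.n")
            if (permission.getName().startsWith("exitVM")) {
                throw new ExitTrapped(permission.getName());
            }
            // Anything else is allowed, so this is convenience, not sandboxing.
        }
    }

    @SuppressWarnings("removal")
    public static void main(String[] args) throws InterruptedException {
        System.setSecurityManager(new NoExitSecurityManager());

        // Stand-in for plugin code calling exit on the host's own thread.
        try {
            System.exit(1);
        } catch (SecurityException e) {
            System.out.println("main thread: " + e.getMessage());
        }

        // Stand-in for plugin code that calls exit from a thread it started itself.
        Thread worker = new Thread(() -> {
            try {
                System.exit(2);
            } catch (SecurityException e) {
                System.out.println("worker thread: " + e.getMessage());
            }
        });
        worker.start();
        worker.join();

        System.setSecurityManager(null); // allowed: only exitVM.* is refused
    }
}
```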


More information about the core-libs-dev mailing list