RFR 8043406: Change default policy for JCE providers to run with as few privileges as possible

Mandy Chung mandy.chung at oracle.com
Fri Jun 20 23:57:26 UTC 2014


On 6/20/2014 3:30 PM, Valerie Peng wrote:
>
> Webrev is updated at: 
> http://cr.openjdk.java.net/~valeriep/8043406/webrev.01

Thanks Valerie. Good to see the security providers granting only the 
permissions they require.

Looks okay to me.

> Sure, I will file a bug after Mandy's confirmation.

Yes, please file a bug, and it does look like a bug in loadLibrary. 
I'll look into it. It'd be helpful if you can include a stack trace in 
the JBS issue without granting FilePermission to access all files.

Thanks
Mandy

> Thanks,
> Valerie
>
> On 6/20/2014 8:46 AM, Sean Mullan wrote:
>>   36         // Needed by Runtime.loadLibrary(String) call
>>   37         permission java.io.FilePermission "<<ALL FILES>>", "read";
>>
>> It seems like this is due to a bug in Runtime.loadLibrary, since you 
>> have already granted the provider the permission to load the library. 
>> I think possibly the call to ClassLoader.loadLibrary should be inside 
>> a doPrivileged. The workaround is ok for now, but can you file a 
>> separate bug for this?
>>
>> --Sean
>>
>> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>>> Sean,
>>>
>>> Not sure if you can get to reviewing this before your vacation.
>>> If not, I will find someone else to help...
>>>
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>>>
>>> Thanks,
>>> Valerie


