[icedtea-web] RFC: check prompting user with full permissions

Omair Majid omajid at redhat.com
Fri Dec 17 07:29:45 PST 2010


The attached patch fixes a bug in IcedTea-Web and ensures that when netx 
checks whether the user should be prompted, it is done with full 

This is necessary because JNLPSecurityManager can ask the user to grant 
an untrusted application socket permissions. Without this fix, the 
caller is not allowed to prompt the user and the security exception 
thrown essentially denies this permission. There maybe other code paths 
for which this can happen too.

These particular configuration values does not seem very sensitive to 
me. I dont see any issues if untrusted applications could read them. 
Still, both the methods patched are private so they can only be called 
from within the class. I don't see any problems with this doPrivileged 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: check-prompting-with-full-permissions.patch
Type: text/x-patch
Size: 1819 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20101217/6addea01/check-prompting-with-full-permissions.patch 

More information about the distro-pkg-dev mailing list