Platform module security

Sean Mullan sean.mullan at
Tue Dec 6 08:01:09 PST 2011

How do we know if a module is part of the JRE platform and can be trusted

The current code in org.openjdk.jigsaw.Platform uses a fragile mechanism:

    public static boolean isPlatformModuleName(String mn) {
        return (mn.equals("jdk") || mn.startsWith("jdk.") ||

    // ## We really must do something more secure and robust here!
    static boolean isPlatformContext(BaseContext cx) {
        for (ModuleId mid : cx.modules()) {
            if (!isPlatformModuleName(
                return false;
        return true;

I can think of two potential solutions:

1) Nothing other than JRE platform modules can be installed/stored in the system
library. How this is enforced is a separate question.

2) All platform modules are signed with a special certificate that we can identify.

Any other thoughts?


More information about the jigsaw-dev mailing list