RFR 8043406: Change default policy for JCE providers to run with as few privileges,as possible

Valerie Peng valerie.peng at oracle.com
Thu Jun 26 21:33:01 UTC 2014


Updated the webrev in place (still at webrev.01), now that Mandy has 
putback'ed her fix for the ClassLoader.loadLibrary issue.

Thanks,
Valerie

On 6/20/2014 3:30 PM, Valerie Peng wrote:
>
> Webrev is updated at: 
> http://cr.openjdk.java.net/~valeriep/8043406/webrev.01
> Sure, I will file a bug after Mandy's confirmation.
> Thanks,
> Valerie
>
> On 6/20/2014 8:46 AM, Sean Mullan wrote:
>>   36         // Needed by Runtime.loadLibrary(String) call
>>   37         permission java.io.FilePermission "<<ALL FILES>>", "read";
>>
>> It seems like this is due to a bug in Runtime.loadLibrary, since you 
>> have already granted the provider the permission to load the library. 
>> I think possibly the call to ClassLoader.loadLibrary should be inside 
>> a doPrivileged. The workaround is ok for now, but can you file a 
>> separate bug for this?
>>
>> --Sean
>>
>> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>>> Sean,
>>>
>>> Not sure if you can get to reviewing this before your vacation.
>>> If not, I will find someone else to help...
>>>
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>>>
>>> Thanks,
>>> Valerie


More information about the security-dev mailing list