FilePermission Canonical path optimization
peter.levart at gmail.com
Thu Dec 18 08:26:17 UTC 2014
On 12/17/2014 07:36 PM, Sean Mullan wrote:
> On 12/05/2014 08:00 AM, Peter Levart wrote:
>> The question is what to do with the remaining data race that was present
>> before. The 'mask' field. The best would be to make it final, but
>> deserialization needs to set it.
> I don't see the pre-existing race condition on the mask field, but I'm
> probably missing something subtle. Can you provide more details?
When an object initializes its non-final fields in the constructor and is
then published unsafely (via data race) to other threads, it can be
observed not fully initialized in other threads (because of reordering
of stores and loads by compiler and/or architecture). The blame is
usually on the code that unsafely publishes references to such objects,
but if a class is part of security infrastructure then such unsafe
publication can be intentional and used to compromise security. If other
code makes use of unsafely published FilePermission objects not
possible, then this is just theoretical. On the other hand, who can make
sure that such use will not be possible in the future?