[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")
Alan.Bateman at oracle.com
Mon Mar 23 19:51:34 UTC 2020
On 23/03/2020 19:39, Chris Hegarty wrote:
>> On 23 Mar 2020, at 19:18, Alan Bateman <Alan.Bateman at oracle.com
>> <mailto:Alan.Bateman at oracle.com>> wrote:
>> Socket(SocketImpl) is only specified to do a permission check when
>> the impl is non-null. The socket adaptor in JDK 12 and older releases
>> doesn't have a dummy impl so the change should not be needed. If
>> there is a security exception thrownhere then it suggests something
>> may be broken elsewhere, do you have a stack trace?
> I suspect that only the ServerSocketAdapter part of the change is
> needed, since ServerSocket(SocketImpl) does a security check
> regardless of the value of the given SocketImpl.
The old ServerSocketAdapter implementation pre-dates that protected
constructor. I don't have cycles to dig into what is going on in the
update releases but if there is a security exception bring thrown in
either case then it suggests that something is broken elsewhere.
More information about the core-libs-dev