RFR 8145750: jjs fails to run simple scripts with security manager turned on
sean.mullan at oracle.com
Fri Dec 18 19:40:40 UTC 2015
On 12/18/2015 07:55 AM, Sundararajan Athijegannathan wrote:
> inline comments below..
> On 12/18/2015 6:22 PM, Alan Bateman wrote:
>> On 18/12/2015 12:23, Sundararajan Athijegannathan wrote:
>>> Please review http://cr.openjdk.java.net/~sundar/8145750/webrev.00/
>>> for https://bugs.openjdk.java.net/browse/JDK-8145750
>>> Adding missing permissions for jdk.dynalink module. Note that it used
>>> to be part of jdk.scripting.nashorn module in the past and therefore
>>> got AllPermission.
>> Is it really necessary to grant it AllPermission? Just wondering how
>> hard it would be to figure out the permissions that it really needs.
> May be, not. But I tried giving only sun.reflect package access --
> didn't work. There are a few doPrivileged blocks in dynalink code as
> well. This needs further analysis.
> But dynalink code was part of nashorn and so was getting AllPermission
> so far - so there is no permission enhancement by adding this missing
> permission block.
> That said, we can revisit reduced permission set for dynalink module.
> I'd prefer to track that as separate bug.
Yes, please file a separate bug to track this as de-privileging is one
of the main advantages of loading the module with the extension class
More information about the nashorn-dev