This is the mail archive of the java-patches@gcc.gnu.org mailing list for the Java project.



Re: http.agent patch


Hi,

On Mon, 2004-07-12 at 00:01, Bryce McKinlay wrote:
> > I believe the following patch addresses both
> > concerns and makes sure that even when the Connection class is
> > loaded/initialized from a class with not enough permissions it can still
> > get at the necessary system properties.
>
> I wonder if we really need to use AccessController.doPrivileged() in a 
> static initializer. Won't the class initialization code, which calls the 
> static initializer, already be privileged?

Yes, you need that. The idea behind the whole security model is that a
programmer needs to explicitly say whether or not they need/want only
their own ProtectionDomain to be used with any access checks. This makes
sure that under "normal" circumstances only security-sensitive code can
execute that the developer and the user-set security manager allow to
execute. It relieves the developer of having to think about all the ways
the code can potentially be called from an insecure environment. If you
insert a doPrivileged() call you assert that you have thought about all
ways this code can potentially be used from an insecure environment.

Cheers,

Mark

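The following is an added example, written for this archive page; it is not Mark's patch and not libgcj or GNU Classpath code. It shows why the doPrivileged() call in the static initializer matters: the stack walk done by AccessController.checkPermission() inspects every frame between the check and the nearest doPrivileged() frame, plus the AccessControlContext attached to that frame, so a class whose initializer is triggered by untrusted code is checked against the untrusted caller's ProtectionDomain unless the initializer itself cuts the walk short. The two stand-in classes (ConnectionWithDoPrivileged, ConnectionWithoutDoPrivileged), the demo class, and the "gnu-classpath" fallback value are hypothetical; the untrusted caller is simulated with an AccessControlContext holding one static ProtectionDomain that carries no permissions, which is the standard way to run an action with fewer rights than the calling code has.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/** Hypothetical stand-in for the Connection class: reads http.agent inside doPrivileged(). */
final class ConnectionWithDoPrivileged {
    static final String USER_AGENT;
    static {
        // The doPrivileged() frame ends the stack walk here: only this class's own
        // ProtectionDomain (and the action's) is consulted, not whoever triggered
        // class initialization.
        USER_AGENT = AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty("http.agent", "gnu-classpath"); // fallback is hypothetical
            }
        });
    }
}

/** Same initializer without doPrivileged(): every frame on the stack must hold the permission. */
final class ConnectionWithoutDoPrivileged {
    static final String USER_AGENT = System.getProperty("http.agent", "gnu-classpath");
}

public class DoPrivilegedDemo {
    /** Simulated untrusted caller: one static ProtectionDomain with an empty permission set. */
    static AccessControlContext untrustedContext() {
        ProtectionDomain noRights = new ProtectionDomain(null, new Permissions());
        return new AccessControlContext(new ProtectionDomain[] { noRights });
    }

    /**
     * Runs trigger (which forces class initialization) with the given context on the stack.
     * Returns null if initialization succeeded, otherwise the Permission that was denied.
     */
    static Permission initAs(AccessControlContext ctx, final Runnable trigger) {
        try {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() { trigger.run(); return null; }
            }, ctx);
            return null;
        } catch (ExceptionInInitializerError e) {
            // An AccessControlException thrown inside <clinit> is wrapped by the JVM.
            Throwable cause = e.getCause();
            if (cause instanceof AccessControlException) {
                return ((AccessControlException) cause).getPermission();
            }
            throw e;
        }
    }

    public static void main(String[] args) {
        // Grant everything to code whose domain consults the policy (this demo's own classes),
        // so the only thing that can deny an access is the static empty domain above.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain domain, Permission perm) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        Permission deniedWith = initAs(untrustedContext(), new Runnable() {
            public void run() { String s = ConnectionWithDoPrivileged.USER_AGENT; }
        });
        Permission deniedWithout = initAs(untrustedContext(), new Runnable() {
            public void run() { String s = ConnectionWithoutDoPrivileged.USER_AGENT; }
        });

        System.out.println("with doPrivileged:    " + (deniedWith == null ? "initialized" : "denied " + deniedWith));
        System.out.println("without doPrivileged: " + (deniedWithout == null ? "initialized" : "denied " + deniedWithout));
    }
}
```

The class that wraps the property read in doPrivileged() initializes even though an empty-permission domain sits on the stack; the one that does not is denied a PropertyPermission "http.agent" "read", and because that happens inside the static initializer the class is left unusable (every later reference throws NoClassDefFoundError), which is exactly the failure the patch under discussion guards against. The demo needs a JDK that still ships the SecurityManager: on JDK 17 it runs with deprecation warnings, on JDK 18 to 23 it must be started with -Djava.security.manager=allow, and on JDK 24 and later System.setSecurityManager() throws, since the security manager was removed.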

