[Bug classpath/27041] New: Missing call to SecurityManager in java.utils.
From: pere at hungry dot com
Subject: [Bug classpath/27041] New: Missing call to SecurityManager in java.utils.Properties.getProperty()
Date: 5 Apr 2006 13:01:35 -0000

When comparing the calls to the SecurityManager while using gcjwebplugin
with GNU Classpath and Sun JDK, I discovered several missing checks. One of
them is in java.utils.Properties.getProperty(). I believe this patch against
the current CVS should solve the issue:

--- Properties.java.~1.36.~ 2006-03-19 16:20:59.000000000 +0100
+++ Properties.java 2006-04-05 14:27:08.515408888 +0200
@@ -448,6 +448,10 @@
*/
public String getProperty(String key)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new PropertyPermission(key, "read"));
+
Properties prop = this;
// Eliminate tail recursion.
do
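
Review bot: The check added at the top of getProperty(String key) runs for every Properties instance, because nothing in these lines limits it to the system property table. Any code that reads its own Properties object under a SecurityManager would then need a PropertyPermission for each key it looks up, or it gets a SecurityException. Please confirm which method performs this check in the implementation you compared against, and consider placing it at the entry point for system properties rather than in the general-purpose lookup. Also note that new PropertyPermission(key, "read") is constructed before key is validated, so a null or empty key would raise an exception from the permission constructor instead of reaching the lookup loop below; a guard on key, or a comment documenting that behaviour, would help.
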
I'm setting severity major as this is a security issue.
--
Summary: Missing call to SecurityManager in
java.utils.Properties.getProperty()
Product: classpath
Version: 0.90
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: classpath
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: pere at hungry dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27041