[Bug classpath/42390] Missing Security Manager checks in classpath apis

bug-classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/42390] Missing Security Manager checks in classpath apis

From:	varun at cs dot utexas dot edu
Subject:	[Bug classpath/42390] Missing Security Manager checks in classpath apis
Date:	14 Jan 2010 18:07:48 -0000


------- Comment #1 from varun at cs dot utexas dot edu  2010-01-14 18:07 -------
(In reply to comment #0)
> 1)  Constructor missed the
> sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION) check in the
> java.io.ObjectOutputStream: void <init>(java.io.OutputStream) constructor 
> call.
> 2) 
> Method calls :<java.util.logging.LogManager: void
> removePropertyChangeListener(java.beans.PropertyChangeListener)>
> 
> and 
> <java.util.logging.LogManager: void
> addPropertyChangeListener(java.beans.PropertyChangeListener)> 
> misses LoggingPermission"control" check
> 3) Mehtod call :<java.io.File: boolean isHidden()>  missing the check for
> checkRead()
> 4) Mehtod call :<java.security.ProtectionDomain: java.lang.String toString()>
> missing sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION) for the
> dynamic policy permission load.
> 5) 
> Mehtod call :<java.net.Socket: void connect(java.net.SocketAddress)>
> and  :<java.net.Socket: void connect(java.net.SocketAddress,int)> missing
> checkConnect.
> 6)  Method <java.net.DatagramSocket: void connect(java.net.SocketAddress)>
> should perform checkListen, checkMulticast, checkAccept on top of checkConnect
> 
Adding some more inconsistencies in Classpath as compared to other JVMs
7)In "public static final String getDefaultType()" API of
java.security.KeyStore 
 the caller requires to have permission to read "keystore.type" property
whereas in SUN JVM and Harmony JVM the permission is not required.
8) In "public static SelectorProvider provider()" API of
java.nio.channels.spi.SelectorProvider the caller requires permission to load
"java.nio.channels.spi.SelectorProvider" property, whereas in SUN and Harmony
JVMs this permission is not required.


-- 

varun at cs dot utexas dot edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|0.97.2                      |0.98


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42390

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug classpath/42390] Missing Security Manager checks in classpath apis, varun at cs dot utexas dot edu <=

Prev by Date: [Bug fortran/41044] internal compiler error: in gfc_conv_intrinsic_function
Next by Date: [Bug classpath/42752] New: formats like "%08X", "%09d" crash java.util.Formatter
Previous by thread: [Bug fortran/41044] internal compiler error: in gfc_conv_intrinsic_function
Next by thread: [Bug classpath/42752] New: formats like "%08X", "%09d" crash java.util.Formatter
Index(es):
- Date
- Thread