From: pierre dot mobde at gmail dot com
Subject: [Bug classpath/44008] New: Security context misuse in URLClassLoader
Date: 6 May 2010 09:11:21 -0000

The URLClassLoader doesn't save the security context in its constructors and it doesn't use it in every class and resource access as it should.

As it is said in the Sun URLClassLoader documentation: "The AccessControlContext of the thread that created the instance of URLClassLoader will be used when subsequently loading classes and resources."
http://java.sun.com/javase/6/docs/api/java/net/URLClassLoader.html

It leads to bugs when opening files when the loaded classes haven't the read filePermissions on other codeBases.

--
           Summary: Security context misuse in URLClassLoader
           Product: classpath
           Version: 0.98
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: classpath
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: pierre dot mobde at gmail dot com

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44008
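
The behaviour the quoted documentation describes, as an added example that is not part of the original report and not GNU Classpath code: the loader snapshots the creating thread's AccessControlContext in its constructor and runs every class and resource lookup under that snapshot. The class name `ContextCapturingLoader` and the sample input in `main` are assumptions made for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical subclass, for illustration only.
@SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
public class ContextCapturingLoader extends URLClassLoader {
    // Snapshot of the security context of the thread that built the loader.
    private final AccessControlContext acc;

    public ContextCapturingLoader(URL[] urls, ClassLoader parent) {
        super(urls, parent);
        this.acc = AccessController.getContext(); // saved once, at construction
    }

    @Override
    public URL findResource(String name) {
        // The permission check stops at this frame and is evaluated against the
        // saved context, so a loaded class lacking read FilePermission on another
        // codeBase does not make the lookup fail, and the lookup never gets more
        // rights than the loader's creator had.
        return AccessController.doPrivileged(
            (PrivilegedAction<URL>) () -> super.findResource(name), acc);
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Class<?>>) () -> super.findClass(name), acc);
        } catch (PrivilegedActionException e) {
            // Unwrap the checked exception thrown inside the privileged action.
            throw (ClassNotFoundException) e.getException();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a loader over the current directory.
        URL[] urls = { new java.io.File(".").toURI().toURL() };
        try (ContextCapturingLoader loader = new ContextCapturingLoader(urls, null)) {
            System.out.println(loader.findResource("no-such-resource"));
        }
    }
}
```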