[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FYI: Throwable.StaticData.nl initialization fix
|
From: |
Mark Wielaard |
|
Subject: |
FYI: Throwable.StaticData.nl initialization fix |
|
Date: |
Thu, 20 May 2004 16:33:32 +0200 |
Hi,
When we added the lazy instantiation of the Throwable newline field
(StaticData.nl) we got an interesting security issue. Since Throwable
now gets System.getProperty("line.separator") as late as possible this
might not happen during the bootstrap process. Which is good since it
makes programs that don't print out stack traces faster. But now the
system property might be accessed while user code is on the call stack.
If that happens while a security manager is installed already which
doesn't give that user code permission to access the system property we
have a problem. This patch gives Throwable (and other classes in the
java.lang package) direct access to the system properties so they don't
need extra security checks.
2004-05-20 Mark Wielaard <address@hidden>
* java/lang/System.java (properties): Make package private.
* java/lang/Throwable.java (StaticData.nl): Initialize through
directly accessing System.properties.getProperty().
This was actually caught by a Mauve tests which is fixed again by this
patch.
Cheers,
Mark
Index: java/lang/Throwable.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/lang/Throwable.java,v
retrieving revision 1.23
diff -u -r1.23 Throwable.java
--- java/lang/Throwable.java 30 Apr 2004 19:05:03 -0000 1.23
+++ java/lang/Throwable.java 20 May 2004 14:25:35 -0000
@@ -406,7 +406,8 @@
static
{
- nl = System.getProperty("line.separator");
+ // Access package private properties field to prevent Security check.
+ nl = System.properties.getProperty("line.separator");
}
}
Index: java/lang/System.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/lang/System.java,v
retrieving revision 1.34
diff -u -r1.34 System.java
--- java/lang/System.java 23 Apr 2004 21:36:23 -0000 1.34
+++ java/lang/System.java 20 May 2004 14:25:35 -0000
@@ -213,7 +213,7 @@
*/
// Note that we use clone here and not new. Some programs assume
// that the system properties do not have a parent.
- private static Properties properties
+ static Properties properties
= (Properties) Runtime.defaultProperties.clone();
/**
signature.asc
Description: This is a digitally signed message part
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- FYI: Throwable.StaticData.nl initialization fix,
Mark Wielaard <=