[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch #3174] Default implementation of VMAccessController.getStack
|
From: |
Michael Koch |
|
Subject: |
Re: [patch #3174] Default implementation of VMAccessController.getStack |
|
Date: |
Wed, 30 Jun 2004 12:39:03 +0200 |
|
User-agent: |
KMail/1.6.2 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Mittwoch, 30. Juni 2004 12:19 schrieb Jeroen Frijters:
> > Summary: Default implementation of VMAccessController.getStack
> >
> > Original Submission: The attached patch provides a default
> > implementation of java.security.VMAccessController.getStack,
> > by calling Throwable.getStackTrace().
> >
> > Note that this implementation will likely not work in
> > general: this implementation needs to get classes by name,
> > and may not be able to. Also, since unresolvable stack frames
> > will be silently dropped, this can lead to code running with
> > privileges it should not have.
>
> This seems like a really bad idea to me. Why have a default
> implementation, if it's useless? Especially in the area of
> security, I wouldn't do this.
At least a default implementation that is unpredicateable. In my
opinion the default implementation should not allow "code running
with privileges it should not have". This is okay as every JVM has to
implement VMAccessController for themself anyway to get correct stack
traces.
Michael
- --
Homepage: http://www.worldforge.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA4phHWSOgCCdjSDsRAubfAJ0UVJ/WWXkPV0ZUn2xf+tLlsVSZdQCdE/oa
vP0RnPIEUtZo/uU1fvFAdos=
=HXfz
-----END PGP SIGNATURE-----