commit-classpath
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[patch #3174] Default implementation of VMAccessController.getStack


From: Casey Marshall
Subject: [patch #3174] Default implementation of VMAccessController.getStack
Date: Fri, 02 Jul 2004 00:58:11 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040701

This mail is an automated notification from the patch tracker
 of the project: classpath.

/**************************************************************************/
[patch #3174] Latest Modifications:

Changes by: 
                Casey Marshall <address@hidden>
'Date: 
                Fri 07/02/2004 at 03:13 (US/Pacific)

------------------ Additional Follow-up Comments ----------------------------
Attaching a new patch, that provides a simpler, but secure, implementation of 
getStack. It returns and empty stack, which will resolve to no permissions 
whatsoever. Thus, this implementation denys ANY attempt to access a protected 
resource, even by system classes.

This also fixes a bug in AccessControlContext, so it checks if the set of 
ProtectionDomains is empty.






/**************************************************************************/
[patch #3174] Full Item Snapshot:

URL: <http://savannah.gnu.org/patch/?func=detailitem&item_id=3174>
Project: classpath
Submitted by: Casey Marshall
On: Wed 06/30/2004 at 05:02

Category:  None
Priority:  3 - Low
Resolution:  None
Assigned to:  None
Originator Email:  
Status:  Open


Summary:  Default implementation of VMAccessController.getStack

Original Submission:  The attached patch provides a default implementation of 
java.security.VMAccessController.getStack, by calling Throwable.getStackTrace().

Note that this implementation will likely not work in general: this 
implementation needs to get classes by name, and may not be able to. Also, 
since unresolvable stack frames will be silently dropped, this can lead to code 
running with privileges it should not have.

Follow-up Comments
------------------


-------------------------------------------------------
Date: Fri 07/02/2004 at 03:13       By: rsdio
Attaching a new patch, that provides a simpler, but secure, implementation of 
getStack. It returns and empty stack, which will resolve to no permissions 
whatsoever. Thus, this implementation denys ANY attempt to access a protected 
resource, even by system classes.

This also fixes a bug in AccessControlContext, so it checks if the set of 
ProtectionDomains is empty.






File Attachments
-------------------

-------------------------------------------------------
Date: Fri 07/02/2004 at 03:13  Name: vmac2.patch  Size: 2.7KB   By: rsdio

http://savannah.gnu.org/patch/download.php?item_id=3174&amp;item_file_id=3423

-------------------------------------------------------
Date: Wed 06/30/2004 at 05:04  Name: vmac.ChangeLog  Size: 182B   By: rsdio

http://savannah.gnu.org/patch/download.php?item_id=3174&amp;item_file_id=3412

-------------------------------------------------------
Date: Wed 06/30/2004 at 05:02  Name: vmac.patch  Size: 3.48KB   By: rsdio

http://savannah.gnu.org/patch/download.php?item_id=3174&amp;item_file_id=3411






For detailed info, follow this link:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3174>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/







reply via email to

[Prev in Thread] Current Thread [Next in Thread]