[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[patch #3174] Default implementation of VMAccessController.getStack
From: |
Casey Marshall |
Subject: |
[patch #3174] Default implementation of VMAccessController.getStack |
Date: |
Fri, 02 Jul 2004 00:58:11 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040701 |
This mail is an automated notification from the patch tracker
of the project: classpath.
/**************************************************************************/
[patch #3174] Latest Modifications:
Changes by:
Casey Marshall <address@hidden>
'Date:
Fri 07/02/2004 at 03:13 (US/Pacific)
------------------ Additional Follow-up Comments ----------------------------
Attaching a new patch, that provides a simpler, but secure, implementation of
getStack. It returns and empty stack, which will resolve to no permissions
whatsoever. Thus, this implementation denys ANY attempt to access a protected
resource, even by system classes.
This also fixes a bug in AccessControlContext, so it checks if the set of
ProtectionDomains is empty.
/**************************************************************************/
[patch #3174] Full Item Snapshot:
URL: <http://savannah.gnu.org/patch/?func=detailitem&item_id=3174>
Project: classpath
Submitted by: Casey Marshall
On: Wed 06/30/2004 at 05:02
Category: None
Priority: 3 - Low
Resolution: None
Assigned to: None
Originator Email:
Status: Open
Summary: Default implementation of VMAccessController.getStack
Original Submission: The attached patch provides a default implementation of
java.security.VMAccessController.getStack, by calling Throwable.getStackTrace().
Note that this implementation will likely not work in general: this
implementation needs to get classes by name, and may not be able to. Also,
since unresolvable stack frames will be silently dropped, this can lead to code
running with privileges it should not have.
Follow-up Comments
------------------
-------------------------------------------------------
Date: Fri 07/02/2004 at 03:13 By: rsdio
Attaching a new patch, that provides a simpler, but secure, implementation of
getStack. It returns and empty stack, which will resolve to no permissions
whatsoever. Thus, this implementation denys ANY attempt to access a protected
resource, even by system classes.
This also fixes a bug in AccessControlContext, so it checks if the set of
ProtectionDomains is empty.
File Attachments
-------------------
-------------------------------------------------------
Date: Fri 07/02/2004 at 03:13 Name: vmac2.patch Size: 2.7KB By: rsdio
http://savannah.gnu.org/patch/download.php?item_id=3174&item_file_id=3423
-------------------------------------------------------
Date: Wed 06/30/2004 at 05:04 Name: vmac.ChangeLog Size: 182B By: rsdio
http://savannah.gnu.org/patch/download.php?item_id=3174&item_file_id=3412
-------------------------------------------------------
Date: Wed 06/30/2004 at 05:02 Name: vmac.patch Size: 3.48KB By: rsdio
http://savannah.gnu.org/patch/download.php?item_id=3174&item_file_id=3411
For detailed info, follow this link:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3174>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/