Casey Marshall wrote: > I don't think anyone has gone through Classpath to see what > permission checks are missing, and nor has anyone audited the > code paths that implement these permissions. So the answer is > that we can't say for sure if Classpath is secure or not.
Over the past few months I've been writing Mauve checks to ensure that every permission check listed in http://tinyurl.com/o2ttz is checked in Classpath for PR 21891. Look for the testcases called security.java. Cheers, Gary
