Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader

Sat, 07 Feb 2015 23:00:52 -0800 


On 2/7/2015 5:10 PM, David Holmes wrote:

On 7/02/2015 4:55 AM, Mark Sheppard wrote:

Hi
    please oblige and review the following changes
http://cr.openjdk.java.net/~msheppar/8068682/webrev/
http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/

which address the issue in
https://bugs.openjdk.java.net/browse/JDK-8068682

this change means CORBA ORB is loaded by the extension class loader and
no longer has has its former privilege of system code.
Just curious but under the pre-module extension mechanism installed extensions had full system privileges by default[1]:
"By default, installed optional packages in this standard directory are trusted. That is, they are granted the same privileges as if they were core platform classes (those in rt.jar). This default privilege is specified in the system policy file (in <java-home>/jre/lib/security/java.policy), but can be overridden for a particular optional package by adding the appropriate policy file entry (see Permissions in the JDK)."
Does this mean that under the module system, things associated with the Ext loader now need explicit policy entries in all cases?
The default policy for the extensions was changed to no permission in JDK 9 b14: 
   https://bugs.openjdk.java.net/browse/JDK-8040059

http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-April/026575.html
Each component can further be deprivileged to the minimum set of permission like the recent change to JAX-WS, JAXB modules which are now only granted with specific permissions rather than all permissions: 
http://mail.openjdk.java.net/pipermail/core-libs-dev/2015-January/031023.html
Mark's patch is first to move it out from the boot loader to the ext class loader. Identifying the permissions required by corba requires more effort and not straight-forward. So it's granted with AllPermissions for now and reduce the permission set in the future. 

Mandy



Thanks,
David
[1] https://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html 


as an interim measure corba is afforded all permissions privilege.
this will be reduced in coming iterations.

regards
Mark

Reply via email to