Hi Martin, In my simplified test, I managed to reproduce the execution in the main thread, when I did not wait for a start and directly called get()...
as in your test here: 99 await(taskStarted); -Patrick Am 14.12.18 um 16:11 schrieb Martin Buchholz: > > > On Thu, Dec 13, 2018 at 4:37 AM Patrick Reinhart <[email protected] > <mailto:[email protected]>> wrote: > > Even if the security manager is enabled before the initialize of the > ForkJoinPool not all work is delegated to > InnocuousForkJoinWorkerThread > instances (sometimes it picks the main thread instead, that has > not the > restrictions, what I think should not be the case and is a potential > security leak too) > > > Looking again at testCommonPoolThreadContextClassLoader, we had once > noticed that a common pool task might escape into a caller thread, but > as usual, we then forgot about it. > > 97 // Ensure runInCommonPool is truly running in the common > pool, > 98 // by giving this thread no opportunity to "help" on get(). > > And this might indeed be a security problem that should be fixed.
