[
https://issues.apache.org/jira/browse/FELIX-1285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard S. Hall reassigned FELIX-1285:
--------------------------------------
Assignee: Richard S. Hall (was: Karl Pauls)
> SecureAction captures the calling context incorrectly
> -----------------------------------------------------
>
> Key: FELIX-1285
> URL: https://issues.apache.org/jira/browse/FELIX-1285
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: felix-1.8.1
> Reporter: Richard S. Hall
> Assignee: Richard S. Hall
> Fix For: felix-2.0.0
>
>
> In SecureAction we capture the calling context for optimization purposes, but
> the context captures the current stack no matter who is on the stack. Since
> the whole point of SecureAction is to allow the framework to perform
> sensitive operations without worrying about who is on the call stack, this
> seems to be a bug since there could be someone with lower privileges on the
> stack. I think we need to capture the calling context inside a privileged
> block.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
