Re: [cp-patches] Patch: Add security check to Class.getClasses()
Gary Benson wrote: Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Class.html#getClasses() Gary For this class _and_each_of_its_superclasses_, the Gary following security checks are performed: If there is a Gary security manager, the security manager's checkMemberAccess Gary method is called with this and Member.PUBLIC Interesting. The 1.5 text is different. Indeed, no superclass checks. Interesting. Perhaps the verifier checks make it unnecessary. David Daney. ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Add security check to Class.getClasses()
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary Class.getClasses() was not performing the member access checks Gary like it ought. The attached patch fixes. I'm working on Gary mauve tests for all of Class's security calls so there will be Gary a check for this issue soonish. Class.getClasses is directly calling memberAccessCheck before it calls internalGetClasses. Also supposedly getClasses should call with Member.PUBLIC, not Member.DECLARED. So it seems to me that this patch is not needed. Ok, so I guess the documentation is inconsistent: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Class.html#getClasses() For this class _and_each_of_its_superclasses_, the following security checks are performed: If there is a security manager, the security manager's checkMemberAccess method is called with this and Member.PUBLIC http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#PermsAndMethods For this class and each of its superclasses, checkMemberAccess(this, Member.DECLARED) is called... Presently Classpath checks Member.PUBLIC for this class but not for its superclasses. (Member.DECLARED is higher than Member.PUBLIC). FWIW Member.PUBLIC is consistent with getFields(), getMethods(), etc. Hmmm... Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Add security check to Class.getClasses()
Gary == Gary Benson [EMAIL PROTECTED] writes: Gary http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Class.html#getClasses() Gary For this class _and_each_of_its_superclasses_, the following Gary security checks are performed: If there is a security manager, the Gary security manager's checkMemberAccess method is called with this Gary and Member.PUBLIC Interesting. The 1.5 text is different. Tom ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Add security check to Class.getClasses()
Gary == Gary Benson [EMAIL PROTECTED] writes: Gary Class.getClasses() was not performing the member access checks like it Gary ought. The attached patch fixes. I'm working on mauve tests for all Gary of Class's security calls so there will be a check for this issue Gary soonish. Class.getClasses is directly calling memberAccessCheck before it calls internalGetClasses. Also supposedly getClasses should call with Member.PUBLIC, not Member.DECLARED. So it seems to me that this patch is not needed. Tom ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches