Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
The change without ORB.java looks okay to me. Mandy On 2/10/15 4:11 AM, Mark Sheppard wrote: OK I'll remove it. I thought that property files had been migrated from lib to conf, as per conf/security, so I made the change regards Mark On 10/02/2015 11:37, Alan Bateman wrote: On 10/02/2015 11:20, Mark Sheppard wrote: thanks Alan the updated corba part is at http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev.02/ I assume ORB.java isn't meant to be in this webrev (the lib-conf issue is separate and I think will need an @implNote in additional to checking for orb.properties in both lib and conf). -Alan.
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 07/02/2015 00:22, Mark Sheppard wrote: Hi Alan, I had meant to remove the commented lines prior to generating the patch Okay, so ignoring that part then the rest looks good to me. Hopefully we have enough tests in this area that run with a security manager to help find any issues. -Alan
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 10/02/2015 11:20, Mark Sheppard wrote: thanks Alan the updated corba part is at http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev.02/ I assume ORB.java isn't meant to be in this webrev (the lib-conf issue is separate and I think will need an @implNote in additional to checking for orb.properties in both lib and conf). -Alan.
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
thanks Alan the updated corba part is at http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev.02/ regards Mark On 10/02/2015 09:14, Alan Bateman wrote: On 07/02/2015 00:22, Mark Sheppard wrote: Hi Alan, I had meant to remove the commented lines prior to generating the patch Okay, so ignoring that part then the rest looks good to me. Hopefully we have enough tests in this area that run with a security manager to help find any issues. -Alan
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
OK I'll remove it. I thought that property files had been migrated from lib to conf, as per conf/security, so I made the change regards Mark On 10/02/2015 11:37, Alan Bateman wrote: On 10/02/2015 11:20, Mark Sheppard wrote: thanks Alan the updated corba part is at http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev.02/ I assume ORB.java isn't meant to be in this webrev (the lib-conf issue is separate and I think will need an @implNote in additional to checking for orb.properties in both lib and conf). -Alan.
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 08/02/2015 06:58, Mandy Chung wrote: : Mark's patch is first to move it out from the boot loader to the ext class loader. Identifying the permissions required by corba requires more effort and not straight-forward. So it's granted with AllPermissions for now and reduce the permission set in the future. Just to add to Mandy's comment then another motive for this move is to make it easier to support the concept of upgradable modules that it cited in JEP 220. As part of JEP 220 then we have removed the legacy endorsed-standards override mechanism and the proposal is to bring in a new mechanism that allows app servers and others to override the version of the EE modules that are in Java SE. One module that needs to move is the java.transaction module but to get there requires moving the java.corba module first. -Alan.
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 7/02/2015 4:55 AM, Mark Sheppard wrote: Hi please oblige and review the following changes http://cr.openjdk.java.net/~msheppar/8068682/webrev/ http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/ which address the issue in https://bugs.openjdk.java.net/browse/JDK-8068682 this change means CORBA ORB is loaded by the extension class loader and no longer has has its former privilege of system code. Just curious but under the pre-module extension mechanism installed extensions had full system privileges by default[1]: By default, installed optional packages in this standard directory are trusted. That is, they are granted the same privileges as if they were core platform classes (those in rt.jar). This default privilege is specified in the system policy file (in java-home/jre/lib/security/java.policy), but can be overridden for a particular optional package by adding the appropriate policy file entry (see Permissions in the JDK). Does this mean that under the module system, things associated with the Ext loader now need explicit policy entries in all cases? Thanks, David [1] https://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html as an interim measure corba is afforded all permissions privilege. this will be reduced in coming iterations. regards Mark
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 2/7/2015 5:10 PM, David Holmes wrote: On 7/02/2015 4:55 AM, Mark Sheppard wrote: Hi please oblige and review the following changes http://cr.openjdk.java.net/~msheppar/8068682/webrev/ http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/ which address the issue in https://bugs.openjdk.java.net/browse/JDK-8068682 this change means CORBA ORB is loaded by the extension class loader and no longer has has its former privilege of system code. Just curious but under the pre-module extension mechanism installed extensions had full system privileges by default[1]: By default, installed optional packages in this standard directory are trusted. That is, they are granted the same privileges as if they were core platform classes (those in rt.jar). This default privilege is specified in the system policy file (in java-home/jre/lib/security/java.policy), but can be overridden for a particular optional package by adding the appropriate policy file entry (see Permissions in the JDK). Does this mean that under the module system, things associated with the Ext loader now need explicit policy entries in all cases? The default policy for the extensions was changed to no permission in JDK 9 b14: https://bugs.openjdk.java.net/browse/JDK-8040059 http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-April/026575.html Each component can further be deprivileged to the minimum set of permission like the recent change to JAX-WS, JAXB modules which are now only granted with specific permissions rather than all permissions: http://mail.openjdk.java.net/pipermail/core-libs-dev/2015-January/031023.html Mark's patch is first to move it out from the boot loader to the ext class loader. Identifying the permissions required by corba requires more effort and not straight-forward. So it's granted with AllPermissions for now and reduce the permission set in the future. Mandy Thanks, David [1] https://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html as an interim measure corba is afforded all permissions privilege. this will be reduced in coming iterations. regards Mark
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
On 06/02/2015 18:55, Mark Sheppard wrote: Hi please oblige and review the following changes http://cr.openjdk.java.net/~msheppar/8068682/webrev/ http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/ which address the issue in https://bugs.openjdk.java.net/browse/JDK-8068682 this change means CORBA ORB is loaded by the extension class loader and no longer has has its former privilege of system code. as an interim measure corba is afforded all permissions privilege. this will be reduced in coming iterations. Are the changes to ORB.java meant to be in this patch? I'm just wondering whether the dynamic stub code should be removed rather than commented out. -Alan
Re: RFR: JDK-8068682 - Deprivilege/move java.corba to the ext class loader
Hi Alan, I had meant to remove the commented lines prior to generating the patch regards Mark On 06/02/2015 21:21, Alan Bateman wrote: On 06/02/2015 18:55, Mark Sheppard wrote: Hi please oblige and review the following changes http://cr.openjdk.java.net/~msheppar/8068682/webrev/ http://cr.openjdk.java.net/~msheppar/8068682/corba/webrev/ which address the issue in https://bugs.openjdk.java.net/browse/JDK-8068682 this change means CORBA ORB is loaded by the extension class loader and no longer has has its former privilege of system code. as an interim measure corba is afforded all permissions privilege. this will be reduced in coming iterations. Are the changes to ORB.java meant to be in this patch? I'm just wondering whether the dynamic stub code should be removed rather than commented out. -Alan