Thanks Andrew,
For the simple case, of replacing the SecurityManager stack walk, one
could use reflection.
Thank you for also confirming that is not possible (or at least very
unlikely) to add a GuardBuilder to Java 8, the proposal is for JDK code
to use a provider mechanism, to intercept
Clarification inline below.
On 24/06/2021 11:03 am, Peter Firmstone wrote:
Hi Alan,
It is important to understand the reason for the inherited
AccessControlContext, in order to consider alternatives.
The motivation for inherited context, was simply to avoid privilege
escalation, prior to
Hi Alan,
It is important to understand the reason for the inherited
AccessControlContext, in order to consider alternatives.
The motivation for inherited context, was simply to avoid privilege
escalation, prior to Executors.
Whenever a permission check is made, the DomainCombiner, combines
Thanks Seán,
A good explanation. :)
Solaris was a very good platform for exposing and debugging race
conditions, of course we have very good static analysis now.
Regards,
Peter.
On 23/06/2021 5:10 pm, Seán Coffey wrote:
Thank for the feedback Peter. Comments inline.
On 22/06/2021 22:40,
> 8217408: Reduce storage of duplicate identifiers in TLS vectors in SunJSSE
Jack Hartstein has updated the pull request incrementally with one additional
commit since the last revision:
import cleanup in SupportedGroupsExtension
-
Changes:
- all:
> 8217408: Reduce storage of duplicate identifiers in TLS vectors in SunJSSE
Jack Hartstein has updated the pull request incrementally with one additional
commit since the last revision:
Delete CheckDuplicateCipherSuites.java
Does not test final implementation.
-
Changes:
> 8217408: Reduce storage of duplicate identifiers in TLS vectors in SunJSSE
Jack Hartstein has updated the pull request with a new target base due to a
merge or a rebase. The incremental webrev excludes the unrelated changes
brought in by the merge/rebase. The pull request contains 13
8217408: Reduce storage of duplicate identifiers in TLS vectors in SunJSSE
-
Commit messages:
- 8217408: Reduce storage of duplicate identifiers in TLS vectors in SunJSSE
- Changed ClientHello compression consumer loop to index by 1 instead of 2
(bytes vs shorts), and
On Wed, 23 Jun 2021 07:38:37 GMT, Aleksey Shipilev wrote:
> SonarCloud reports:
> "Remove or correct this useless self-assignment."
>
>
> if (cipherAlgo.equals("AES")) {
> this.keysize = keysize; // < here
> switch (keysize) {
> case 128:
>
On Fri, 18 Jun 2021 21:27:41 GMT, Anthony Scarpino
wrote:
>> Dongbo He has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Replace HashSet with TreeSet
>
> test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
> line
On Thu, 17 Jun 2021 08:16:42 GMT, Dongbo He wrote:
>> Now AlgorithmConstraints:checkAlgorithm uses List to check if an algorithm
>> has been disabled. It is less efficient when there are more disabled
>> elements in the list, we can use Set instead of List to speed up the search.
>>
>> Patch
On Wed, 23 Jun 2021 08:10:40 GMT, Aleksey Shipilev wrote:
> SonarCloud again complains about GaloisCounterMode.overlapDetection, in the
> similar way JDK-8263436 did. I think JDK-827 accidentally reintroduced
> the old code.
>
> The tangential question if JDK-827 reverted anything
On Wed, 9 Jun 2021 14:42:23 GMT, Mahendra Chhipa
wrote:
> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
This pull request has now been integrated.
Changeset: 7621fa37
Author:Mahendra Chhipa
Committer: Michael McMahon
URL:
On Wed, 23 Jun 2021 12:10:54 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented reviw comments.
Marked as
On Wed, 23 Jun 2021 12:10:54 GMT, Mahendra Chhipa
wrote:
>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Implemented reviw comments.
Marked as
> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
Mahendra Chhipa has updated the pull request incrementally with one additional
commit since the last revision:
Implemented reviw comments.
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/4432/files
- Mail original -
> De: "Andrew Dinn"
> À: "Peter Firmstone" , "discuss"
>
> Cc: "security-dev"
> Envoyé: Mercredi 23 Juin 2021 11:19:42
> Objet: Re: Authorization layer API and low level access checks.
> OHi Peter,
>
> n 23/06/2021 04:02, Peter Firmstone wrote:
>> 1. StackWalker -
OHi Peter,
n 23/06/2021 04:02, Peter Firmstone wrote:
1. StackWalker - Can stack walker be back ported to Java 8?
The right place to ask about this is the jdk8u updates project list.
However, you probably don't need to ask there because the answer is
almost certainly going to be a very
SonarCloud again complains about GaloisCounterMode.overlapDetection, in the
similar way JDK-8263436 did. I think JDK-827 accidentally reintroduced the
old code.
The tangential question if JDK-827 reverted anything else.
Additional testing:
- [x] `jdk_security` passes
-
SonarCloud reports:
"Remove or correct this useless self-assignment."
if (cipherAlgo.equals("AES")) {
this.keysize = keysize; // < here
switch (keysize) {
case 128:
cipherAlgo_OID = aes128CBC_OID;
Seems to be here since initial
Thank for the feedback Peter. Comments inline.
On 22/06/2021 22:40, Peter Firmstone wrote:
Was ever to run with SecurityManager?
I found the issue while porting to jdk8u where Solaris uses a
configuration file with the SunPKCS11 Provider by default - We have
tests to register Providers while
On 23/06/2021 04:02, Peter Firmstone wrote:
Note: I'm not sure how to replace an inherited AccessControlContext
(with a new implementation based on StackWalker functionality) at
thread creation time, as it must be created when threads are created,
possibly by using ThreadFactory everywhere,
On Tue, 22 Jun 2021 20:08:03 GMT, Sean Coffey wrote:
>> Sufficient permissions missing if this code was ever to run with
>> SecurityManager.
>>
>> Cleanest approach appears to be use of InnocuousThread to create the
>> cleaner/poller threads.
>> Test case coverage extended to cover the
23 matches
Mail list logo
