Hi,

The original basis for the security manager check was to ensure that the filter could not be replaced by untrusted code, including code in the classes being deserialized that have access to the ObjectInputStream.

Regards, Roger

On 8/23/18 10:00 AM, Weijun Wang wrote:
This follows the convention of ObjectInputStream::setObjectInputFilter. IMHO, 
in that case the caller also creates the filter and it's only set on this input 
stream.

Maybe we shouldn't have added the permission check there?

Thanks
Max

On Aug 23, 2018, at 4:55 AM, Sean Mullan <sean.mul...@oracle.com> wrote:

One thing I am curious about. Is there a reason why 
getObject(ObjectInputFilter) requires a permission check?

In this case, the caller is the one creating the filter and passing it in, so 
the caller can only cause harm to themselves, and the ObjectInputStream is a 
local variable which is not returned. This method also does not mutate the 
contents of the SignedObject (or SealedObject) ... so I don't see the risk 
here. I think you can just wrap ObjectInputStream.setObjectInputFilter in 
doPrivileged.

--Sean

On 8/22/18 2:37 AM, Weijun Wang wrote:
Updated webrev at
    http://cr.openjdk.java.net/~weijun/8193859/webrev.02/
Changes:
1) More spec change
    - describing the filter in class spec
    - mentioning the system filter in existing getObject() methods
    - add "@throws InvalidClassException" to all getObject() methods
2) More test cases
    - check SecurityException when a security manager is set
    - set the system filter to see how existing getObject() works
The 2 tests are very similar but they belong to jdk_security1 and 
jdk_security2. Therefore I haven't combined them.
Thanks
Max
On Aug 17, 2018, at 10:56 PM, Weijun Wang <weijun.w...@oracle.com> wrote:

Please take a review at the updated webrev at

   http://cr.openjdk.java.net/~weijun/8193859/webrev.01

Changes only in doc, including

1) The "2018-8-15 updates" in the CSR [1]

2) formatting

Thanks
Max

[1] https://bugs.openjdk.java.net/browse/JDK-8193887

On Aug 14, 2018, at 11:19 PM, Roger Riggs <roger.ri...@oracle.com> wrote:

Hi,

On 8/14/2018 10:59 AM, Weijun Wang wrote:
s/initial process-wide filter/system filter/?
yes

Roger

--Max

[1]    8202675  Replace process-wide terminology in serial filtering to be 
consistent

Regards, Roger
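
The concern raised at the top of the thread, code in a deserialized class that holds the ObjectInputStream and tries to replace its filter, shown as an added example that is not part of the thread or the webrev. It uses only ObjectInputStream.setObjectInputFilter (Java 9 or later), not the getObject(ObjectInputFilter) method under review; FilterReplaceDemo, Probe and readFiltered are hypothetical names, and the serialized bytes are constructed in main.

```java
import java.io.*;

public class FilterReplaceDemo {
    // Constructed sample class: its readObject hook holds the stream and
    // tries to swap the filter in the middle of deserialization.
    static class Probe implements Serializable {
        private static final long serialVersionUID = 1L;
        static String outcome = "readObject not run";

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            try {
                in.setObjectInputFilter(i -> ObjectInputFilter.Status.ALLOWED);
                outcome = "filter replaced";
            } catch (IllegalStateException | SecurityException e) {
                outcome = "replacement refused: " + e.getClass().getSimpleName();
            }
        }
    }

    // Hypothetical helper following the pattern in the thread: the caller
    // supplies the filter and the stream never leaves this method.
    static Object readFiltered(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            // With a security manager installed this call requires
            // SerializablePermission("serialFilter").
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new Probe());
        }
        // Allow only Probe; serialClass() is null for non-class checks.
        ObjectInputFilter allowProbe = info -> {
            Class<?> c = info.serialClass();
            return (c == null || c == Probe.class)
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        readFiltered(bos.toByteArray(), allowProbe);
        System.out.println(Probe.outcome);
    }
}
```

Once the caller has set a stream-specific filter, a second setObjectInputFilter call on the same stream throws IllegalStateException, which is what the probe records here.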

