Hello, Is it safe to allow generic proxy objects, could they not execute arbritrary backend methods? Are the invocation handlers filtered indirectly?
What about those inner classes, are they stable? Could the whole protocol maybe changed to a different protocol? Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: serviceability-dev <serviceability-dev-r...@openjdk.java.net> im Auftrag von Kevin Walls <kev...@openjdk.java.net> Gesendet: Wednesday, December 22, 2021 7:22:26 PM An: serviceability-dev@openjdk.java.net <serviceability-dev@openjdk.java.net> Betreff: RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed Remove the use of Security Manager from jstatd. Add use of an ObjectInputFilter to restrict RMI. Also we can undo the property-setting Launcher.gmk change from: 8279007: jstatd fails to start because SecurityManager is disabled ..as that is no longer needed. Docs/man page update to follow (JDK-8278619). ------------- Commit messages: - Remove jstad launcher property setting to allow Security Manager. - Merge remote-tracking branch 'upstream/master' into 8272317_jstatd_secmgr - Add ObjectInputFilter - Merge remote-tracking branch 'upstream/master' into 8272317_jstatd_secmgr - 8272317: jstatd has dependency on Security Manager which needs to be removed Changes: https://git.openjdk.java.net/jdk/pull/6919/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6919&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8272317 Stats: 27 lines in 4 files changed: 4 ins; 15 del; 8 mod Patch: https://git.openjdk.java.net/jdk/pull/6919.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/6919/head:pull/6919 PR: https://git.openjdk.java.net/jdk/pull/6919