From: "Kerns, Bob"
To: "'Ant Developers List'"
Subject: RE: Security Manager and System.exit
Date: Mon, 31 Dec 2001 05:56:53 -0600

Actually, there's a choice.

Instead of replacing the SecurityManager, if one is installed, why not just ensure Ant lacks the "exitVM" runtime permission? Then anything that Ant calls will not be able to execute exit() (unless it explicitly enables privileges), and a SecurityException will be thrown.

(Unless, of course, the SecurityManager that's already installed is promiscuous and doesn't bother checking permissions. An InsecurityManager?)

In other words, why reinvent the wheel? Just:

1) Load Ant using a SecureClassLoader (base AntClassLoader on SecureClassLoader instead of ClassLoader).
2) Implement getPermissions() on the class loader to *not* grant this RuntimePermission (you'll need to subclass PermissionCollection to *exclude* a permission that would otherwise be granted by the default Policy).
3) Install the standard SecurityManager if none is already installed.

You don't need to load all of Ant with a secure class loader -- you just need one class, and have an invocation on the stack of a method on that class. So you don't have to switch to using AntClassLoader wholesale to accomplish this.

-----Original Message-----
From: Stephane Bailliez [mailto:sbailliez@imediation.com]
Sent: Friday, December 14, 2001 3:43 AM
To: Ant Developers List
Subject: RE: Security Manager and System.exit

> -----Original Message-----
> From: Stefan Bodewig [mailto:bodewig@apache.org]

> > So is there any issue if we use a System manager for JDK 1.2+ (see
> > below) ?
>
> We may not want to blindly replace an existing SecurityManager. I
> believe NetBeans installs its own and it wouldn't be nice to disable
> it for example.

There is not much choice. We must be able to detect System.exit when running JavaCommand so that means we must do something with the security manager, that is: make checkExit throw an exception and catch the exception when needed.

Stephane
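
The three steps in Bob Kerns's reply at the top of this message, written out as an added example; it is not code from the thread or from Ant. The names `NoExitPermissions`, `NoExitLoader` and `guarded` are hypothetical, and the code assumes a JVM where the Security Manager is still usable (Java 9 through 17 by default; Java 18 to 23 only when started with `-Djava.security.manager=allow`).

```java
import java.io.*;
import java.net.URL;
import java.security.*;
import java.util.Enumeration;

/** Step 2 (hypothetical class): wraps the Policy's grants but never implies RuntimePermission "exitVM*". */
final class NoExitPermissions extends PermissionCollection {
    private final PermissionCollection granted;            // what the Policy would normally grant
    NoExitPermissions(PermissionCollection granted) { this.granted = granted; }
    private static boolean isExit(Permission p) {
        return p instanceof RuntimePermission && p.getName().startsWith("exitVM");
    }
    @Override public void add(Permission p) { if (!isExit(p)) granted.add(p); }
    // implies() is what the access check consults, so the exclusion is enforced here.
    @Override public boolean implies(Permission p) { return !isExit(p) && granted.implies(p); }
    @Override public Enumeration<Permission> elements() { return granted.elements(); }
}

/** Step 1 (hypothetical class): defines one named class in a domain that lacks exitVM. */
final class NoExitLoader extends SecureClassLoader {
    private final String guarded;                          // binary name of the single guarded class
    NoExitLoader(ClassLoader parent, String guarded) { super(parent); this.guarded = guarded; }
    @Override protected PermissionCollection getPermissions(CodeSource cs) {
        return new NoExitPermissions(Policy.getPolicy().getPermissions(cs));
    }
    @Override protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        if (!name.equals(guarded)) return super.loadClass(name, resolve);  // all else: parent loader
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            if (c != null) return c;
            URL url = getParent().getResource(name.replace('.', '/') + ".class");
            if (url == null) throw new ClassNotFoundException(name);
            try (InputStream in = url.openStream()) {
                byte[] b = in.readAllBytes();
                CodeSource cs = new CodeSource(url, (CodeSigner[]) null);
                // Two-argument ProtectionDomain has static permissions: the Policy is not
                // consulted again at check time, so it cannot grant exitVM back.
                c = defineClass(name, b, 0, b.length, new ProtectionDomain(cs, getPermissions(cs)));
                if (resolve) resolveClass(c);
                return c;
            } catch (IOException e) { throw new ClassNotFoundException(name, e); }
        }
    }
    /** Step 3: install the standard SecurityManager only when none is already present. */
    static void ensureSecurityManager() {
        if (System.getSecurityManager() == null) System.setSecurityManager(new SecurityManager());
    }
}
```

The denial only applies while a method of the guarded class is on the call stack, and code that wraps its `System.exit` call in `AccessController.doPrivileged` from a domain that does hold `exitVM` is not stopped, which is the "explicitly enables privileges" exception noted in the message.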