ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <stev...@iseran.com>
Subject Re: [PATCH] Main.runBuild does not need to setSecurityManager
Date Mon, 10 Feb 2003 06:12:36 GMT
----- Original Message -----
From: "Stu Halloway (DevelopMentor)" <stu@develop.com>
To: "ant-dev" <ant-dev@jakarta.apache.org>
Sent: Sunday, February 09, 2003 11:15
Subject: [PATCH] Main.runBuild does not need to setSecurityManager


> Ant's runBuild makes an unnecessary call to setSecurityManager. This
> causes problems when running Ant with security turned on because that's
> a pretty sensitive permission to grant. :-)

this is interesting. There are actually plans to add a security manager
(optionally) into <java> to catch unplanned exits, but that is the only
place we'll need it. What you probably found was a half commented out bit of
work from, what, Ant 1.2 ?, with an attempt to set a security manager caught
the exits but introduced too much backwards incompatibility to be retained.

>
> I found this problem while testing PermissionSniffer [1], which is a
> prototype interactive SecurityManager. Sniffing out defects was an
> unexpected side effect.

hey, can you do Axis next? Or are you going to give us an <audit> ant task
to include in the Gump?

-steve


Mime
View raw message