felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard S. Hall (JIRA)" <j...@apache.org>
Subject [jira] Created: (FELIX-1285) SecureAction captures the calling context incorrectly
Date Mon, 29 Jun 2009 20:05:47 GMT
SecureAction captures the calling context incorrectly

                 Key: FELIX-1285
                 URL: https://issues.apache.org/jira/browse/FELIX-1285
             Project: Felix
          Issue Type: Bug
          Components: Framework
    Affects Versions: felix-1.8.1
            Reporter: Richard S. Hall
            Assignee: Karl Pauls
             Fix For: felix-2.0.0

In SecureAction we capture the calling context for optimization purposes, but the context
captures the current stack no matter who is on the stack. Since the whole point of SecureAction
is to allow the framework to perform sensitive operations without worrying about who is on
the call stack, this seems to be a bug since there could be someone with lower privileges
on the stack. I think we need to capture the calling context inside a privileged block.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message