Return-Path: Delivered-To: apmail-harmony-commits-archive@www.apache.org Received: (qmail 7825 invoked from network); 24 Nov 2006 12:42:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 Nov 2006 12:42:24 -0000 Received: (qmail 73384 invoked by uid 500); 24 Nov 2006 12:42:33 -0000 Delivered-To: apmail-harmony-commits-archive@harmony.apache.org Received: (qmail 73361 invoked by uid 500); 24 Nov 2006 12:42:33 -0000 Mailing-List: contact commits-help@harmony.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@harmony.apache.org Delivered-To: mailing list commits@harmony.apache.org Received: (qmail 73352 invoked by uid 99); 24 Nov 2006 12:42:33 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Nov 2006 04:42:33 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Nov 2006 04:42:23 -0800 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 098777141E4 for ; Fri, 24 Nov 2006 04:42:03 -0800 (PST) Message-ID: <32400988.1164372123018.JavaMail.jira@brutus> Date: Fri, 24 Nov 2006 04:42:03 -0800 (PST) From: "Alexey Varlamov (JIRA)" To: commits@harmony.apache.org Subject: [jira] Commented: (HARMONY-2301) [luni] flawed SecurityManager.checkPackageAccess() impl In-Reply-To: <5896814.1164364141918.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://issues.apache.org/jira/browse/HARMONY-2301?page=comments#action_12452439 ] Alexey Varlamov commented on HARMONY-2301: ------------------------------------------ Ways to fix 1+2: 1) do not cache; 2) add some notification mechanism to j.l.Security, which should track if particular property value is changed and let SecurityManager instance know. My preference is for 1) until actual measurements can prove caching is useful here. > [luni] flawed SecurityManager.checkPackageAccess() impl > ------------------------------------------------------- > > Key: HARMONY-2301 > URL: http://issues.apache.org/jira/browse/HARMONY-2301 > Project: Harmony > Issue Type: Bug > Components: Classlib > Reporter: Alexey Varlamov > > There are several problems in the current implementation of j.l.SecurityManager.checkPackageAccess() method: > 1) Dead-end caching of "package.access" property on the first use; > 2) Thread-unsafe parsing to array of names: concurrent threads may fail with NPE accessing partially-filled array. > 3) Incomplete name matching procedure, only works for subpackges. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira