harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Ellison (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-6367) [classlib] Some Methods doesn't have security Permissions check as compared to SUN JDK.
Date Wed, 04 Nov 2009 12:23:32 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-6367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12773465#action_12773465
] 

Tim Ellison commented on HARMONY-6367:
--------------------------------------

Varun,

Thanks for the bug report.  Please continue to report differences with the reference implementation,
but we need to be careful so it is ok to describe behavior differences (e.g.  Harmony doesn't
check this permission, but Sun does); please don't describe *how* Sun code works (e.g. the
Sun implementation calls foobar.moo()).

I've started fixing a few of these.  Following your numbering convention above:

(1) URL: fixed in repo revision r832453.

(3) SocketPermission: fixed in repo revision r832471.

(4) Provider: fixed in repo revision r832457.


Still working on the others.

Regards,
Tim


> [classlib] Some Methods doesn't have security Permissions check as compared to SUN JDK.
> ---------------------------------------------------------------------------------------
>
>                 Key: HARMONY-6367
>                 URL: https://issues.apache.org/jira/browse/HARMONY-6367
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>    Affects Versions: 5.0M11
>         Environment: JDK Security permission checks
>            Reporter: varun srivastava
>            Assignee: Tim Ellison
>            Priority: Critical
>             Fix For: 5.0M12
>
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Following Methods doesn't have security Permissions as compared to SUN JDK.
> -----------------------------------------------------------------------------------------------------------------
> 1) java.net.URL: java.net.URLConnection openConnection(java.net.Proxy) - "checkConnect"
missing in Harmony. Sun perform checkConnect if proxy is present. It checks whether user is
allowed to connect to proxy.
> 2) java.net.ServerSocket: void implAccept(java.net.Socket) : Harmony missing checkAccept
in protected method. Anyone can create a subclass of SerSocket and accept connections.
> 3) java.net.SocketPermission: boolean equals(java.lang.Object)  - Harmony use getHostNameInternal
method instead of calling getByName as done in Sun, to retrieve host name of the machine.
Thats why checkConnect is never called before retrieving hostname.
> 4) java.security.Provider: void load(java.io.InputStream) - Harmony misses checkSecurityAccess("putProviderProperty."
+ name) check
> 5) java.security.ProtectionDomain: java.lang.String toString() - Harmony doesn't have
checkPermission(SecurityConstants.GET_POLICY_PERMISSION)
> check in case Policy. isSet for dynamicPerms.
> -
> Varun Srivastava
> UT Austin

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message