harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib][security] Changing system property java.home may cause incorrect initialization of java.security.Security class
Date Fri, 24 Nov 2006 11:34:39 GMT
Alexey Varlamov wrote:
> Boris, for the security-sensitive applications, there is appropriate
> guard in place:
> 
> public SecurityManager() {
>     SecurityManager security = System.getSecurityManager();
>     if (security != null) {
>           
> security.checkPermission(RuntimePermission.permissionToCreateSecurityManager);
> 
>        }
>        Class<?> type = Security.class; // initialize Security properties
>        if (type == null) {
>            throw new AssertionError();
>        }
> }
> 
> I believe this is enough. In fact if the code has enough privileges to
> modify such principal system properties, there might be even more
> severe problems...

I agree.

Regards,
Tim

-- 

Tim Ellison (t.p.ellison@gmail.com)
IBM Java technology centre, UK.

Mime
View raw message