On Fri, 2006-01-27 at 13:50 +0000, Gary Benson wrote:
> Andrew Haley wrote:
> > Gary Benson writes:
> > > Hi all,
> > >
> > > Each time you execute a file with Runtime.exec() a VMProcess
> > > is created. The first time one of these is created it creates
> > > a thread and calls its setDaemon() method which (eventually)
> > > checks RuntimePermission("modifyThread").
> > >
> > > I guess there should be a doPrivileged() in here somewhere, but
> > > where?
> >
> > I guess I don't understand the real problem. Would it not make
> > sense simply to wrap the
> >
> > if (processThread == null)
> > {
> > processThread = new ProcessThread();
> > processThread.setDaemon(true);
> > processThread.start();
> > }
> >
> > in a doPrivileged ?
>
> That's where I was thinking. Is there (or should there be) something
> that protects these VM* classes from being used by non-Classpath code?And that seems indeed the right place to add the doPriviliged() block. VM* classes are "protected" from being used directly by non-Classpath code because they are package private. They should only be called after the public (non-VM) code has done the appropriate runtime checks. If that is done correctly then any (reference) code in the VMClass that needs any other permissions (like in this case) needs to do that inside a PrivilegedAction. Cheers, Mark
signature.asc
Description: This is a digitally signed message part
