Author: mattsicker
Date: Fri Jun 6 22:39:17 2014
New Revision: 1601027
URL: http://svn.apache.org/r1601027
Log:
Add security permission checks in Loader.static.
- Relates to LOG4J2-633.
- Also checks a couple related permissions.
Modified:
logging/log4j/log4j2/trunk/log4j-core/src/main/java/org/apache/logging/log4j/core/util/Loader.java
Modified:
logging/log4j/log4j2/trunk/log4j-core/src/main/java/org/apache/logging/log4j/core/util/Loader.java
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/log4j-core/src/main/java/org/apache/logging/log4j/core/util/Loader.java?rev=1601027&r1=1601026&r2=1601027&view=diff
==============================================================================
---
logging/log4j/log4j2/trunk/log4j-core/src/main/java/org/apache/logging/log4j/core/util/Loader.java
(original)
+++
logging/log4j/log4j2/trunk/log4j-core/src/main/java/org/apache/logging/log4j/core/util/Loader.java
Fri Jun 6 22:39:17 2014
@@ -19,6 +19,7 @@ package org.apache.logging.log4j.core.ut
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.ReflectPermission;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -46,6 +47,12 @@ public final class Loader {
if (ignoreTCLProp != null) {
ignoreTCL = OptionConverter.toBoolean(ignoreTCLProp, true);
}
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new RuntimePermission("getClassLoader"));
+ sm.checkPermission(new RuntimePermission("getStackTrace"));
+ sm.checkPermission(new ReflectPermission("suppressAccessChecks"));
+ }
}
/**
