On 04/07/2013 15:44, Florian Weimer wrote:
> Is there a way to prevent future calls to
> AccessController.doPrivileged() from the same thread from actually
> increasing privilege?
No. If the code has the relevant permissions it can call doPrivileged
together with the 1.0/1.1 legacy and new caller-sensitive methods. If
doPrivileged were blocked, things like class loading would break. And it
wouldn't work for untrusted code, as it could find some other thread to
run on (because of all the global state hanging around).
> Reducing these privileges with a separate class loader seems to be the
> official way to achieve that. Is there a way to get there without
> defining and installing your own (global) security manager?
Close.
ProtectionDomain is the way to assign permissions to code (optionally,
since 1.4, through Policy). Typically you would also need to use a
separate class loader if, instead of attempting "least privilege", you
really didn't trust the code (see, for instance, the "mixed-code fix",
which uses a pair of class loaders for a single applet context). You
shouldn't need to use a custom security manager.
Tom
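An added example (not code from this thread) of the approach Tom describes: a SecureClassLoader that re-defines a class under its own restricted ProtectionDomain, with the stock SecurityManager and default Policy, so that doPrivileged inside that class still cannot read a property the domain was never granted. Class names, the `user.name`/`user.home` grants and the reflection plumbing are the example's own choices; it assumes the classes are compiled with javac and run from the class path on JDK 9 or later (and `-Djava.security.manager=allow` on JDK 18+).

```java
import java.io.InputStream;
import java.lang.reflect.Method;
import java.security.*;
import java.util.PropertyPermission;

public class LeastPrivilegeDemo {
    /** Code to be run with fewer permissions than the rest of the application. */
    public static class Sandboxed {
        public static String read(final String key) {
            // doPrivileged only stops the stack walk here; the check still applies this
            // class's own ProtectionDomain, so it cannot add permissions the domain lacks.
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() { return System.getProperty(key); }
            });
        }
    }
    /** Loader that defines Sandboxed (and its inner classes) in one restricted domain. */
    static class RestrictedLoader extends SecureClassLoader {
        private static final String PREFIX = LeastPrivilegeDemo.class.getName() + "$Sandboxed";
        private final ProtectionDomain domain;
        RestrictedLoader(ClassLoader parent, PermissionCollection perms) {
            super(parent);
            // Null location: the default Policy adds only its baseline grants to 'perms'.
            CodeSource cs = new CodeSource(null, (java.security.cert.Certificate[]) null);
            this.domain = new ProtectionDomain(cs, perms, this, null);
        }
        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.startsWith(PREFIX)) return super.loadClass(name, resolve); // delegate the rest
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                        byte[] b = in.readAllBytes();
                        c = defineClass(name, b, 0, b.length, domain); // re-defined under 'domain'
                    } catch (java.io.IOException e) { throw new ClassNotFoundException(name, e); }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }
    public static void main(String[] args) throws Exception {
        Permissions perms = new Permissions();
        perms.add(new PropertyPermission("user.name", "read")); // granted: user.name, not user.home
        ClassLoader restricted = new RestrictedLoader(LeastPrivilegeDemo.class.getClassLoader(), perms);
        Method read = restricted.loadClass(Sandboxed.class.getName()).getMethod("read", String.class);
        System.setSecurityManager(new SecurityManager()); // installed last; no custom manager needed
        System.out.println("user.name -> " + read.invoke(null, "user.name"));
        try { read.invoke(null, "user.home"); }
        catch (java.lang.reflect.InvocationTargetException e) {
            System.out.println("user.home -> denied: " + e.getCause().getMessage()); // AccessControlException
        }
    }
}
```

The first read succeeds because the restricted domain holds that grant; the second is refused even though it runs inside doPrivileged, which is the point of Tom's reply.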