On 26/02/2022 22:14, Ethan McCue wrote:
> I have a feeling this has been considered and I might just be articulating
> the obvious - but:
>
> As called out in JEP 411, one of the remaining legitimate uses of the
> Security Manager is to intercept calls to System.exit. This seems like a
> decent use case for the Scope Local mechanism.

I think it was mostly convenience to use the SM to intercept calls to
System.exit as it's not really security when all other permissions are
granted.

There have been a few prototypes of APIs in this area but none made it to
the level of a good proposal. Using a SL or even TL set/remove is
interesting but you might want to survey some of the existing usages to
see if they are really stack confined. At least some of the uses have
been container applications with plugins that accidentally call
System.exit when running code not intended to run that way. I don't
think there is any guarantee that they run completely in the same thread
but some may do.
-Alan
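
The stack-confinement question raised in the reply above, as an added example that is not part of the original message or of any JDK prototype: a thread-confined "exit blocked" flag is probed from the guarded thread, from a thread the plugin starts, and from a pool thread that already existed when the guard was set. `ExitGuardDemo`, `probe` and `demo` are hypothetical names; `System.exit` is never called, the probe only reports what a hook keyed on the flag would decide.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.FutureTask;

public class ExitGuardDemo {
    // Hypothetical exit hook: decides from the calling thread's flag only.
    static String probe(ThreadLocal<Boolean> flag, int status) {
        return Boolean.TRUE.equals(flag.get()) ? "blocked" : "would exit(" + status + ")";
    }

    // Sets the flag on the current thread, then runs the same "plugin" call
    // on three threads and prints what the hook decides on each.
    static void demo(String name, ThreadLocal<Boolean> flag, ExecutorService pool) throws Exception {
        flag.set(true);
        try {
            Callable<String> plugin = () -> probe(flag, 1);   // constructed plugin code
            FutureTask<String> child = new FutureTask<>(plugin);
            Thread t = new Thread(child);                     // thread started by the plugin
            t.start();
            System.out.printf("%-22s same=%s child=%s pool=%s%n",
                    name, plugin.call(), child.get(), pool.submit(plugin).get());
        } finally {
            flag.remove();                                    // guard ends with the scope
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        pool.submit(() -> { }).get();  // force the worker thread to exist before any guard is set
        try {
            demo("ThreadLocal", new ThreadLocal<>(), pool);
            demo("InheritableThreadLocal", new InheritableThreadLocal<>(), pool);
        } finally {
            pool.shutdown();
        }
    }
}
```

A plain `ThreadLocal` covers only the guarded thread; `InheritableThreadLocal` also reaches threads created inside the guarded region, but not a worker that was created earlier, which is the case to look for when surveying container applications that run plugins.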