Peter Firmstone wrote:
> 3. In Jini security documentation I've seen on the web,
> Subject.doAsPrivileged is called with a null AccessControlContext
> executing the proxy, in doing so the proxy PD is no longer on the
> stack, however it isn't clear when the proxy ProtectionDomain will
> be added back onto the stack, will it be possible for an object to
> be deserialised in a privileged context? It's highly possible,
> because of delayed class loading.
This statement isn't correct: the inherited domains are still included
on the stack, which includes the proxy, provided that the
AccessController.doPrivileged method hasn't been called first. If the
proxy's PD is on the stack during the Subject.doAsPrivileged call, it
needs to have AuthPermission("doAsPrivileged"), which is undesirable.
The risk of deserialisation in a privileged context still exists,
however, if a domain with minimal privileges isn't on the stack during
deserialisation.
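The following is an added example, not code from the thread or from Jini/River itself. It shows the two points the reply makes: that application code without AuthPermission("doAsPrivileged") cannot call Subject.doAsPrivileged at all, and that wrapping ObjectInputStream.readObject in an AccessControlContext whose only ProtectionDomain carries an empty Permissions set means anything run during deserialisation (readObject hooks, lazily loaded classes) has no more than that empty permission set. The Probe class, its readObject hook and the probe of the "user.home" property are constructed for the demonstration; the unrestricted read succeeds only because the JDK's default java.policy grants that PropertyPermission to all code. It assumes a SecurityManager-capable JDK: 8 to 17 run it as-is, 18 to 23 need -Djava.security.manager=allow, and JDK 24 removed the SecurityManager entirely.

```java
import java.io.*;
import java.security.*;
import javax.security.auth.Subject;

public class RestrictedDeserialisation {

    /** Context holding one static ProtectionDomain with no permissions at all. */
    static AccessControlContext restrictedContext() {
        Permissions none = new Permissions();
        none.setReadOnly();
        // Two-argument constructor: permissions are static, Policy is never consulted.
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(null, (java.security.cert.Certificate[]) null), none);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    /** Deserialise with the restricted domain on the stack for the whole readObject. */
    static Object readRestricted(byte[] data) throws Exception {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Object>) () -> {
                    try (ObjectInputStream in =
                             new ObjectInputStream(new ByteArrayInputStream(data))) {
                        return in.readObject();
                    }
                },
                restrictedContext());
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    /** Does the calling domain hold AuthPermission("doAsPrivileged")? */
    static boolean canCallDoAsPrivileged() {
        try {
            // Null context: the Subject's domains are combined with an empty context.
            Subject.doAsPrivileged(new Subject(), (PrivilegedAction<Void>) () -> null, null);
            return true;
        } catch (SecurityException notGranted) {
            return false;
        }
    }

    /** Constructed probe: its readObject hook attempts a permission-checked operation. */
    static final class Probe implements Serializable {
        private static final long serialVersionUID = 1L;
        transient boolean readProperty;

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            try {
                System.getProperty("user.home");   // PropertyPermission "user.home" read
                readProperty = true;
            } catch (SecurityException denied) {
                readProperty = false;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        System.setSecurityManager(new SecurityManager());   // deprecated for removal since JDK 17

        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(new Probe());
        }
        byte[] data = bos.toByteArray();

        Probe unrestricted = (Probe) new ObjectInputStream(
                new ByteArrayInputStream(data)).readObject();
        Probe restricted = (Probe) readRestricted(data);

        System.out.println("app code may call Subject.doAsPrivileged: " + canCallDoAsPrivileged());
        System.out.println("unrestricted readObject read user.home:   " + unrestricted.readProperty);
        System.out.println("restricted readObject read user.home:     " + restricted.readProperty);
    }
}
```

With the default policy the first line prints false (no AuthPermission granted to application code), the second true, and the third false: the empty domain supplied through doPrivileged(action, context) is intersected with every frame above it, so no amount of privilege held by the deserialising code or by the classes being loaded can get past it. The same wrapping is what the reply calls having "a domain with minimal privileges on the stack during deserialisation".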