Hi all, in JDK-8007035 SecurityManager.checkMemberAccess(Class<?> clazz, int which) has been deprecated. I'm using it to prevent sendboxed code from accessing private members in java.lang.System (to set SecurityManager to null for example)
is there any other way to protect java.lang.System private fields ? Thanks Enrico Olivelli Il 23/07/2013 20:35, [email protected] ha scritto:
http://hg.openjdk.java.net/jdk8/jdk8/rev/d2dcb110e9db http://hg.openjdk.java.net/jdk8/jdk8/nashorn/rev/598321c438b5 http://hg.openjdk.java.net/jdk8/jdk8/langtools/rev/82f68da70e47 http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/5be9c5bfcfe9 http://hg.openjdk.java.net/jdk8/jdk8/jaxws/rev/4fd722afae5c http://hg.openjdk.java.net/jdk8/jdk8/jaxp/rev/5d1974c1d7b9 http://hg.openjdk.java.net/jdk8/jdk8/hotspot/rev/bb416ee2a79b http://hg.openjdk.java.net/jdk8/jdk8/corba/rev/8d492f1dfd1b --- All the fixes will be tested during promotion (no PIT testing at this point): List of all fixes: =================== JDK-8020371 client-libs [macosx] applets with Drag and Drop fail with IllegalArgumentException JDK-8020298 client-libs [macosx] Incorrect merge in the lwawt code. JDK-8020210 client-libs [macosx] JVM crashes in CWrapper$NSWindow.screen(long) JDK-8020038 client-libs [macosx] Incorrect usage of invokeLater() and likes in callbacks called via JNI from AppKit thread JDK-8019587 client-libs [macosx] Possibility to set the same frame for the different screens JDK-8019265 client-libs [macosx] apple.laf.useScreenMenuBar regression comparing with jdk6 JDK-8017492 client-libs Static field in HTML parser affects all applications JDK-8016737 client-libs After clicking on "Print UNCOLLATED" button, the print out come in order 'Page 1', 'Page 2', 'Page 1' JDK-8015730 client-libs PIT: On Linux, OGL=true and fbobject=false leads to deadlock or infinite loop JDK-8014497 client-libs [parfait] Potential null pointer dereference in jdk/src/share/native/sun/java2d/cmm/lcms/cmsgamma.c JDK-8009168 client-libs accessibility.properties syntax issue JDK-8004859 client-libs Graphics.getClipBounds/getClip return difference nonequivalent bounds, depending from transform. JDK-7188095 client-libs TEST_BUG: 4 javax/sound manual tests should be modified to run with jtreg JDK-6707231 client-libs Wrong read Method returned for boolen properties JDK-8020508 core-libs Enforce reflection access restrictions on Object.bindProperties JDK-8020463 core-libs Input argument array wrapping in loadWithNewGlobal is wrong JDK-8020437 core-libs Wrong handling of line numbers with multiline string literals JDK-8020409 core-libs Clean up doclint problems in java.util package, part 1 JDK-8020380 core-libs __noSuchProperty__ defined in mozilla_compat.js script should be non-enumerable JDK-8020358 core-libs Array(0xfffffff) throws OutOfMemoryError JDK-8020357 core-libs Int32Array(Math.pow(2,31)-1).length throws java.lang.NegativeArraySizeException JDK-8020354 core-libs Object literal property initialization is not done in source order JDK-8020325 core-libs static property does not work on accessible, public classes JDK-8020324 core-libs Object.bindProperties(target, source) does not work when source object is a java bean JDK-8020318 core-libs Fix doclint issues in java.net JDK-8020294 core-libs Fix doclint issues in java.util.Spliterator JDK-8020283 core-libs Don't use exceptions for widening of ArrayData JDK-8020276 core-libs interface checking in Invocable.getInterface implementation JDK-8020224 core-libs LinkageError: attempted duplicate class definition when --loader-per-compiler=false JDK-8020223 core-libs ClassCastException: String can not be casted to ScriptFunction JDK-8020125 core-libs --print-lower-parse misses eval JDK-8020124 core-libs switch((Math.pow ? x = 1.2e3 : 3)) { default: return; } JDK-8020095 core-libs Fix doclint warnings in java.util.regex JDK-8020091 core-libs Fix HTML doclint issues in java.io JDK-8020062 core-libs Nest StreamBuilder interfaces inside relevant Stream interfaces JDK-8020040 core-libs Improve and generalize the F/J tasks to handle right or left-balanced trees JDK-8020035 core-libs nashorn jdk buildfile BuildNashorn.gmk still renamed jdk.nashorn.internal.objects package JDK-8020015 core-libs shared PropertyMaps should not be used without duplication JDK-8019983 core-libs (function(){ switch(1){ case 0: case '': default:return} return 1 })() returns 0 instead of undefined JDK-8019979 core-libs Replace CheckPackageAccess test with better one from closed repo JDK-8019963 core-libs empty char range in regex JDK-8019947 core-libs inherited property invalidation does not work with two globals in same context JDK-8019862 core-libs Fix doclint errors in java.lang.* JDK-8019857 core-libs Fix doclint errors in java.util.Format* JDK-8019822 core-libs Duplicate name and signature in finally block JDK-8019821 core-libs Boolean Cannot Be Cast To Integer JDK-8019819 core-libs Nullpointer exception in codegen JDK-8019814 core-libs Add regression test for passing cases JDK-8019811 core-libs Boolean to bitwise coercion error JDK-8019809 core-libs Break return statement can create erroneous bytecode JDK-8019805 core-libs for each (init; test; modify) is invalid JDK-8019799 core-libs api/java_util/jar/Pack200 test failed with compactX profiles. JDK-8019794 core-libs closed/java/util/logging/LoggerInAppContext.java failed on jdk8-b96 JDK-8019791 core-libs ~ is a unary operator JDK-8019783 core-libs typeof does not work properly for java methods and foreign objects JDK-8019629 core-libs void operator should always evaluate to undefined JDK-8019622 core-libs (sl) ServiceLoadet.next incorrect when creation and usages are in different contexts JDK-8019585 core-libs Another bytecode problem with typeof chains JDK-8019551 core-libs Make BaseStream public JDK-8019484 core-libs Sync j.u.c.ConcurrentHashMap from 166 to tl JDK-8019481 core-libs Sync misc j.u.c classes from 166 to tl JDK-8019395 core-libs Consolidate StreamSupport.{stream,parallelStream} into a single method JDK-8019381 core-libs HashMap.isEmpty is non-final, potential issues for get/remove JDK-8019370 core-libs Sync j.u.c Fork/Join from 166 to tl JDK-8019322 core-libs Forward port test/closed/java/lang/invoke tests from jdk7u to jdk8 JDK-8019184 core-libs MethodHandles.catchException() fails when methods have 8 args + varargs JDK-8017768 core-libs ClassNotFoundException if the parameter in Java.type() is an enum. JDK-8017447 core-libs Unmodifiable map entry becomes modifiable if taken from a stream of map entries JDK-8017329 core-libs 8b92-lambda regression: TreeSet("a", "b").stream().substream(1).parallel().iterator() is empty JDK-8017231 core-libs Add StringJoiner.merge JDK-8017212 core-libs File.createTempFile requires unnecessary "read" permission JDK-8017141 core-libs java.util/stream Spliterators from sequential sources should not catch OOME JDK-8017084 core-libs Use spill properties for large object literals JDK-8016681 core-libs regex capture behaves differently than on V8 JDK-8016341 core-libs java/lang/ref/OOMEInReferenceHandler.java failing intermittently JDK-8016285 core-libs Add java.lang.reflect.Parameter.isNamePresent() JDK-8015356 core-libs [].concat([,]).hasOwnProperty("0") should evaluate to false JDK-8015320 core-libs Pull spliterator() up from Collection to Iterable JDK-8015317 core-libs Optional.filter, map, and flatMap JDK-8015315 core-libs Stream.concat methods JDK-8014890 core-libs (ref) Reference queues may return more entries than expected JDK-8014785 core-libs Ability to extend global instance by binding properties of another object JDK-8013925 core-libs Remove symbol fields from nodes that don't need them JDK-8012191 core-libs noSuchProperty can't cope with vararg functions JDK-8011629 core-libs Object.defineProperty performance issue JDK-8011427 core-libs java.util.concurrent collection Spliterator implementations JDK-8011210 core-libs Investigate the cause of the findValue callsite miss in gbemu.js JDK-8010946 core-libs AccessControl.doPrivileged is broken when called from js script JDK-8010821 core-libs [findbugs] Some classes in jdk.nashorn.internal.runtime.regexp expose mutable objects JDK-8010679 core-libs Clarify "present" and annotation ordering in Core Reflection for Annotations JDK-8009758 core-libs JDK-8006529.js fails after recent method lookup changes JDK-8007035 core-libs deprecate public void SecurityManager.checkMemberAccess(Class<?> clazz, int which) JDK-7187144 core-libs JavaDoc for ScriptEngineFactory.getProgram() contains an error JDK-7129185 core-libs (coll) Please add Collections.emptyNavigableSet() JDK-7122142 core-libs (ann) Race condition between isAnnotationPresent and getAnnotations JDK-6480539 core-libs BigDecimal.stripTrailingZeros() has no effect on zero itself ("0.0") JDK-6178739 core-libs (fmt) Formatter.format("%0.4f\n", 56789.456789) generates MissingFormatWidthException JDK-8020308 core-svc Fix doclint issues in java.lang.management JDK-8019826 core-svc [Test bug] Test com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java fails with NPE JDK-8019594 core-svc TestObjectCountAfterGCEvent.java fails with wrong size of instances in event JDK-8017306 core-svc 2 closed/com/oracle/jfr/gc/ tests failed with AssertionError in nightly build on solaris-sparc JDK-8011702 core-svc TEST_BUG: Tests for "Improve robustness of JMX internal APIs" bug fix should be modified JDK-8010734 core-svc NPG: The test MemoryTest.java needs to be updated to support metaspace JDK-8010285 core-svc Enforce the requirement of Management Interfaces being public JDK-8020441 hotspot Enable test for 'Method Profiling Sample' event JDK-8019967 hotspot Write regression test for 8004811 JDK-8019815 hotspot remove option -XX:ParallelGCThreads=1 from TestYoungGarbageCollectionEvent.java JDK-8019419 hotspot Stabilize TestJavaThreadStatisticsEvent.java JDK-8017485 hotspot TestGCCauseWithSystemGC might get wrong GC events JDK-8017484 hotspot TestHeapSummaryEventConcurrentCMS gets concurrent CMS GC events JDK-8017446 hotspot disable fasttime for gc tests JDK-8016879 hotspot The object allocation event(s) create huge amount of data when enabled JDK-8015433 hotspot TestJcmdStartWithOptions.java interrupted on Solaris-sparc (Timeout?) JDK-8005161 hotspot TestPeriodicEventSampling.java gets wrong number of events JDK-8017566 other-libs Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl JDK-8020557 security-libs javadoc cleanup in javax.security JDK-8020321 security-libs Problem in PKCS11 regression test TestRSAKeyLength JDK-8020310 security-libs JDK-6356530 broke the old build JDK-8020164 security-libs TEST_BUG: DHKeyValidation test should be changed to use all values of y JDK-8019854 security-libs lib/security/cacerts/VerifyCACerts.java should be removed from problem list JDK-8019772 security-libs Fix doclint issues in javax.crypto and javax.security subpackages JDK-8019627 security-libs RuntimeException gets obscured during OCSP cert revocation checking JDK-8019410 security-libs sun/security/krb5/auto/ReplayCacheTestProc.java JDK-8019341 security-libs Update CookieHttpsClientTest to use the newer framework. JDK-8019267 security-libs NPE in AbstractSaslImpl when trace level >= FINER in KRB5 JDK-8012637 security-libs Adjust CipherInputStream class to work in AEAD/GCM mode JDK-8011547 security-libs Update XML Signature implementation to Apache Santuario 1.5.4 JDK-7196805 security-libs DH Key interoperability testing between SunJCE and JsafeJCE not successful JDK-7165807 security-libs Non optimized initialization of NSS crypto library leads to scalability issues JDK-6755701 security-libs SunJCE DES/DESede SecretKeyFactory.generateSecret throws InvalidKeySpecExc if passed SecretKeySpec JDK-8020586 tools Warning produced for an incorrect file JDK-8020286 tools Wrong diagnostic after compaction JDK-8020278 tools NPE in javadoc JDK-8020214 tools TEST_BUG: test/tools/javap/8007907/JavapReturns0AfterClassNotFoundTest.java broken JDK-8020149 tools Graph inference: wrong logic for picking best variable to solve JDK-8020147 tools Spurious errors when compiling nested stuck lambdas JDK-8019942 tools Graph inference: avoid redundant computation during bound incorporation JDK-8019824 tools very long error messages on inference error JDK-8019480 tools Javac crashes when method is called on a type-variable receiver from lambda expression JDK-8019340 tools varargs-related warnings are meaningless on signature-polymorphic methods such as MethodHandle.invokeExact JDK-8017618 tools NullPointerException in RichDiagnosticFormatter for bad input program JDK-8016702 tools use of ternary operator in lambda expression gives incorrect results JDK-8016640 tools compiler hangs if the generics arity of a base class is wrong JDK-8016175 tools Add bottom-up type-checking support for unambiguous method references JDK-8016060 tools Lambda isn't compiled with return statement JDK-8016059 tools Cannot compile following lambda JDK-8013404 tools Unclear spec for target typing with conditional operator (?:) JDK-8012242 tools Lambda compatibility and checked exceptions JDK-8012238 tools Nested method capture and inference JDK-8009924 tools some langtools tools do not accept -cp as an alias for -classpath JDK-8008200 tools java/lang/Class/asSubclass/BasicUnit.java fails to compile JDK-7041019 tools Bogus type-variable substitution with array types with dependencies on accessibility check JDK-6356530 tools -Xlint:serial does not flag abstract classes with concrete methods/members JDK-8020430 xml NullPointerException in xml sqe nightly result on 2013-07-12 JDK-8016648 xml FEATURE_SECURE_PROCESSING set to true or false causes SAXParseException to be thrown
