> On Apr 4, 2017, at 4:36 AM, Andrew Dinn <ad...@redhat.com> wrote:
>
> On 03/04/17 21:56, John Rose wrote:
>> On Apr 3, 2017, at 12:03 PM, Gregg Wonderly <gregg...@cox.net>
>> wrote:
>>>
>>> Alan, it is exactly this kind of comment from the team which just
>>> tears apart the whole view that you might actually be considering
>>> what everyone in the Java community needs.
>>
>> I think *this* comment is unfair to Alan. I read Alan as saying
>> "don't assume that users can rely on an SM present". If I'm right,
>> that is a far cry from tearing the community into parts. I think
>> you would admit that not everyone uses SM. So you didn't ding Alan
>> (who is doing really heroic work for the community) for simply
>> reminding us that a SM-based approach would not serve the whole
>> community equally. Did you impute some other motive to him?
>
> Thank you for posting this, John. I am hoping that Gregg simply misread
> Alan's post because it definitely didn't merit the response it received.

Alan said:

> The issue here is nothing to do with the security manager, assume no security
> manager in the picture.

But, I always have a security manager in the picture. It’s how I always grant access to various pieces of the JDK features to my application. It’s how I limit/grant access to the details that I care about my users being exposed to by using my software. So, saying that a SecurityManager doesn’t matter, when this is clearly a JVM security issue, just doesn’t fly for me.

As I’ve already said, a command line argument can feel like a permission, but it is like AllPermission. It doesn’t help me manage what I am opening my users to. If I have to use the AllPermission for my users to deploy, and they are on a network, I’ve now opened them up to network penetration by other agents! That’s absolutely not acceptable to me.

There should be a Permission mechanism at a high granularity of control, and grants to Jar files (which have been mentioned in another recent thread dealing with which modules can have agents inserted/active) make it possible to directly control all exposure from all paths of penetration.

Gregg