On 04/04/17 15:58, Gregg Wonderly wrote:
> Alan said:
>
>> The issue here is nothing to do with the security manager, assume
>> no security manager in the picture.
>
> But, I always have a security manager in the picture. It’s how I
> always grant access to various pieces of the JDK features to my
> application. It’s how I limit/grant access to the details that I
> care about my users being exposed to by using my software. So,
> saying that a SecurityManager doesn’t matter, when this is clearly a
> JVM security issue, just doesn’t fly for me. As I’ve already said,
> a command line argument can feel like a permission, but it is like
> AllPermission. It doesn’t help me manage what I am opening my users
> to. If I have to use the AllPermission for my users to deploy, and
> they are on a network, I’ve now opened them up to network penetration
> by other agents! That’s absolutely not acceptable to me.
That may be so but, as Alan said, there are many other Java users who
have never had a security manager in the picture. You seem to be
assuming that we can rely on users to correct that omission as an
element of how we address this problem. I'd suggest that is just as
questionable -- indeed, probably more so -- as assuming that we can
rely on users to remember to reset the current proposed default to
enable dynamic agents.
Please try to assume that Alan might be arguing for a more nuanced
position than the one you assumed when his argument appears to be making
no sense to you. He is neither stupid nor ignorant of what a security
manager can and cannot do. If anything he says leads you to question
whether he is 'considering what everyone in the Java community needs'
then it is probably merits you seriously reviewing and definitely
confirming such an opinion before posting it.
regards,
Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander
