> On 20 Apr 2017, at 00:31, Vladimir Kozlov <vladimir.koz...@oracle.com> wrote: > > Doug, > > Can you point (link) particular code which needs to be reviewed? And what > security issues could be?
I believe Chris had possible concerns with Services.initializeJVMCI() (at http://cr.openjdk.java.net/~dnsimon/8177845/hotspot/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.services/src/jdk/vm/ci/services/Services.java.udiff.html). As previously stated, I can't see any security issues with this method which is why it doesn't check JVMCIPermission. -Doug > > Thanks, > Vladimir > > On 4/19/17 2:12 PM, Doug Simon wrote: >>> 3. Services.initializeJVMCI() > >>>> 3 is harmless from a security perspective in my opinion. >>> Would be good if one of Oracle’s security engineers could take a quick look >>> just to be sure. >> Vladimir, can you please bring this to the attention of the relevant >> engineer. >>
