Ralph Goers created LOG4J2-633:
----------------------------------
Summary: Need to check permissions when registering shutdown hooks
and obtaining classloaders
Key: LOG4J2-633
URL: https://issues.apache.org/jira/browse/LOG4J2-633
Project: Log4j 2
Issue Type: Bug
Components: Core
Affects Versions: 2.0-rc1
Reporter: Ralph Goers
http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html
documents what operations require RuntimePermission checks. Log4j 2 doesn't
check these in a lot of cases.
Log4j should check the permissions but do so in a manner that doesn't
significantly impact performance. For example, registering shutdown hooks is
infrequent and so the overhead is minimal while calls to obtain a Classloader
are done much more frequently and so the permission checks need to be minimized.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
