[
https://issues.apache.org/jira/browse/LOG4J2-633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14020449#comment-14020449
]
Matt Sicker commented on LOG4J2-633:
------------------------------------
Here's a list of permissions that look relevant to our code that I know of:
# getClassLoader
# shutdownHooks
# getStackTrace
I'll go hunting through the other permissions to see what we might need.
> Need to check permissions when registering shutdown hooks and obtaining
> classloaders
> ------------------------------------------------------------------------------------
>
> Key: LOG4J2-633
> URL: https://issues.apache.org/jira/browse/LOG4J2-633
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.0-rc1
> Reporter: Ralph Goers
>
> http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html
> documents what operations require RuntimePermission checks. Log4j 2 doesn't
> check these in a lot of cases.
> Log4j should check the permissions but do so in a manner that doesn't
> significantly impact performance. For example, registering shutdown hooks is
> infrequent and so the overhead is minimal while calls to obtain a Classloader
> are done much more frequently and so the permission checks need to be
> minimized.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
