[
https://issues.apache.org/jira/browse/LOG4J2-1563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15482737#comment-15482737
]
Jason Tedor commented on LOG4J2-1563:
-------------------------------------
{quote}How do we run a whole build with a security manager?{quote}
In Elasticsearch, we run all of our tests under a security manager. The way
that we do this is we have a custom test class that installs a security manager
when the class initializer for it runs. Log4j could do something similar.
That's the easy part. The hard part is figuring out which permissions for Log4j
are needed, and then handling the security exceptions that could arise if those
permissions are not granted.
> Log4j 2.6.2 can lose exceptions when a security manager is present
> ------------------------------------------------------------------
>
> Key: LOG4J2-1563
> URL: https://issues.apache.org/jira/browse/LOG4J2-1563
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.6.2
> Reporter: Jason Tedor
> Assignee: Gary Gregory
> Fix For: 2.7
>
> Attachments:
> 0001-Unify-handling-of-throwables-when-loading-class.patch,
> 0002-Remove-policy-in-throwable-proxy-security-test.patch,
> throwable-proxy-security-exception-2.6.2.patch
>
>
> When Log4j is rendering an exception, it can attempt to load classes that it
> does not have permissions to load when a security manager is present.
> I have a patch and a failing test case for this; I will submit it shortly.
> This is the backport for LOG4J2-1560.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-dev-h...@logging.apache.org
