Re: SecurityManager environments

2017-04-06 Thread Alan Bateman
On 05/04/2017 20:53, Reto Merz wrote: >> To be honest, we don't see a lot of security manager >> usage on the server side these days. I'm really surprised about that. How can an app server or servlet container like JBoss Tomcat etc guarantee that System.exit does not shut down the JVM? AFAIK th

Re: SecurityManager environments

2017-04-06 Thread Alan Bateman
On 05/04/2017 21:23, Gregg Wonderly wrote: Desktop applications started from a double clicked jar file, have no explicit access to the command line. It just doesn’t exist for that application. It only exists for “all” applications (launched for mime-type mapped application mappings) in most

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Alan Bateman
On 05/04/2017 17:55, David M. Lloyd wrote: This is just plain weird from a security perspective, to say that unrelated processes have more privilege to control the current process than processes that are closely related. Anyway this is yet another case where arbitrary artificial hurdles are

Re: Review Request JDK-8175819: OS name and arch in JMOD files should match the values as in the bundle name

2017-04-06 Thread Magnus Ihse Bursie
On 2017-04-04 10:04, Magnus Ihse Bursie wrote: On 2017-04-03 23:50, Mandy Chung wrote: On Apr 3, 2017, at 2:39 PM, mark.reinh...@oracle.com wrote: 2017/4/3 13:35:30 -0700, si...@cjnash.com: On 03/04/2017 21:15, mark.reinh...@oracle.com wrote: 2017/4/3 11:41:03 -0700, mandy.ch...@oracle.com:

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Remi Forax
- Original Message - > From: "mark reinhold" > To: jigsaw-dev@openjdk.java.net > Sent: Wednesday, 5 April 2017 18:15:20 > Subject: Disallowing the dynamic loading of agents by default (revised) > Thanks to everyone for the quick feedback on this topic, and especially > to Andrew for the construct

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Michael Rasmussen
On 6 April 2017 at 02:34, wrote: > Interesting. Perhaps we need a `Self-Premain-Class` attribute, or some > such. > > Out of curiosity, would it do any harm in your `java -jar` case if the > agent is activated? As it is right now, yes, that would cause the execution to potentially fail. Should

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Andrew Dinn
On 05/04/17 17:15, mark.reinh...@oracle.com wrote: > Thanks to everyone for the quick feedback on this topic, and especially > to Andrew for the constructive dialogue. > > Here's a revised proposal: > > - Define a new VM option, `-XX:+EnableDynamicAgentLoading`, that's > on by default in JD

hg: jigsaw/jake/hotspot: Address review comments

2017-04-06 Thread alan . bateman
Changeset: b4b842a1dbe6 Author:alanb Date: 2017-04-06 11:46 +0100 URL: http://hg.openjdk.java.net/jigsaw/jake/hotspot/rev/b4b842a1dbe6 Address review comments ! src/share/vm/classfile/vmSymbols.hpp ! src/share/vm/oops/klass.cpp ! src/share/vm/prims/jvmtiEnv.cpp

hg: jigsaw/jake/jdk: Address review comments

2017-04-06 Thread alan . bateman
Changeset: 2182c183a9ad Author:alanb Date: 2017-04-06 13:21 +0100 URL: http://hg.openjdk.java.net/jigsaw/jake/jdk/rev/2182c183a9ad Address review comments ! src/java.base/share/classes/java/util/ServiceLoader.java ! src/java.base/share/classes/sun/launcher/LauncherHelper.java ! src

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread David M. Lloyd
On 04/06/2017 02:56 AM, Alan Bateman wrote: On 05/04/2017 17:55, David M. Lloyd wrote: This is just plain weird from a security perspective, to say that unrelated processes have more privilege to control the current process than processes that are closely related. Anyway this is yet another c

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Andrew Dinn
On 06/04/17 13:56, David M. Lloyd wrote: > On 04/06/2017 02:56 AM, Alan Bateman wrote: >> On 05/04/2017 17:55, David M. Lloyd wrote: >> >>> >>> This is just plain weird from a security perspective, to say that >>> unrelated processes have more privilege to control the current process >>> than proce

Re: SecurityManager environments

2017-04-06 Thread Gregg Wonderly
> > On Apr 6, 2017, at 2:07 AM, Alan Bateman wrote: > > On 05/04/2017 20:53, Reto Merz wrote: > To be honest, we don't see a lot of security manager usage on the server side these days. >> >> I'm really surprised about that. How can an app server or servlet container >> like JBoss Tom

Re: SecurityManager environments

2017-04-06 Thread dalibor topic
On 06.04.2017 15:24, Gregg Wonderly wrote: SecurityManager needs to be used more Potentially relevant academic research: http://www.cs.cmu.edu/~clegoues/docs/coker15acsac.pdf "We observed evidence that many developers struggle to understand and use the security manager for any purpose. This

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Alan Bateman
On 06/04/2017 13:56, David M. Lloyd wrote: I know, I'm giving examples of how such a library could circumvent this restriction. Another example is to start a child process and a grandchild process, and then have the child process exit. The examples in your first mail aren't a problem. Yes, t

RE: SecurityManager environments

2017-04-06 Thread Uwe Schindler
Hi, > > >> To be honest, we don't see a lot of security manager > > >> usage on the server side these days. > > > > I'm really surprised about that. How can an app server or servlet container > > like JBoss Tomcat etc guarantee that System.exit does not shut down > > the JVM? > AFAIK the app server

Re: SecurityManager environments

2017-04-06 Thread Christoph Engelbert
I would agree with the paper that you shared, Dalibor. The SecurityManager system is not self-explanatory and I would also agree that, at least in the systems I worked with, there normally is no SecurityManager set, or even worse, the software fails with a SecurityManager set because some librar

Re: 8177530: Module system implementation refresh (4/2017)

2017-04-06 Thread Kevin Rushforth
FX build for jdk9+164 already was promoted last Friday. The changeset to use that build was pushed to jdk9/dev on Saturday (as per usual), but probably wasn't synced down to jdk9/jake. -- Kevin Mandy Chung wrote: FXLauncherTest.java should fail until FX change [1] is integrated and promoted

Re: 8177530: Module system implementation refresh (4/2017)

2017-04-06 Thread Alan Bateman
On 06/04/2017 15:30, Kevin Rushforth wrote: FX build for jdk9+164 already was promoted last Friday. The changeset to use that build was pushed to jdk9/dev on Saturday (as per usual), but probably wasn't synced down to jdk9/jake. Thanks. I will sync up jake once the jdk-9+164 tags have been push

Re: SecurityManager environments

2017-04-06 Thread Reto Merz
We use the same approach like Elasticsearch (walk through stack trace and check caller). Note that this does not work in any case. For example this will bypass checkExit, sure, in Java 9 this would also need --add-opens to make reflection work:     Method halt0 = Class.forName("java.lang.Shutdo

RE: SecurityManager environments

2017-04-06 Thread Uwe Schindler
Hi, Elasticsearch does not allow setAccessible() anywhere in its code (by security policy), except some places in trusted libraries like Apache Lucene for mmap unmapping support (but those must use doPrivileged for that), but plugins and Elasticsearch’s core cannot call setAccessible. See al

Re: Disallowing the dynamic loading of agents by default (revised)

2017-04-06 Thread Alasdair Nottingham
Mark, I much prefer this proposal and it covers my use case which is fantastic. Some comments below: > On Apr 5, 2017, at 12:15 PM, mark.reinh...@oracle.com wrote: > > Thanks to everyone for the quick feedback on this topic, and especially > to Andrew for the constructive dialogue. > > Here's

hg: jigsaw/jake/corba: 4 new changesets

2017-04-06 Thread alan . bateman
Changeset: 8e9b64d90b69 Author:mchung Date: 2017-03-29 09:42 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/corba/rev/8e9b64d90b69 8173303: Add module-subgraph images to main platform documentation Reviewed-by: alanb, chegar, erikj, ihse, lancea ! src/java.corba/share/classes/mo

hg: jigsaw/jake/nashorn: 2 new changesets

2017-04-06 Thread alan . bateman
Changeset: 8c8c38891345 Author:lana Date: 2017-04-06 17:01 + URL: http://hg.openjdk.java.net/jigsaw/jake/nashorn/rev/8c8c38891345 Added tag jdk-9+164 for changeset b473fab09baa ! .hgtags Changeset: 8ce75a7ba115 Author:alanb Date: 2017-04-06 18:55 +0100 URL: http

hg: jigsaw/jake/jaxws: 4 new changesets

2017-04-06 Thread alan . bateman
Changeset: ee1849f16695 Author:mchung Date: 2017-03-29 09:42 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/jaxws/rev/ee1849f16695 8173303: Add module-subgraph images to main platform documentation Reviewed-by: alanb, chegar, erikj, ihse, lancea ! src/java.activation/share/class

hg: jigsaw/jake: 6 new changesets

2017-04-06 Thread alan . bateman
Changeset: 66df71217ba3 Author:mchung Date: 2017-03-29 09:41 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/rev/66df71217ba3 8173303: Add module-subgraph images to main platform documentation Reviewed-by: alanb, chegar, erikj, ihse, lancea ! make/Javadoc.gmk ! make/Main.gmk Cha

hg: jigsaw/jake/jaxp: 4 new changesets

2017-04-06 Thread alan . bateman
Changeset: 086b6a500c6c Author:mchung Date: 2017-03-29 09:42 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/jaxp/rev/086b6a500c6c 8173303: Add module-subgraph images to main platform documentation Reviewed-by: alanb, chegar, erikj, ihse, lancea ! src/java.xml/share/classes/modul

hg: jigsaw/jake/langtools: 14 new changesets

2017-04-06 Thread alan . bateman
Changeset: bef1cba2d0d9 Author:ksrini Date: 2017-03-27 17:53 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/langtools/rev/bef1cba2d0d9 8175277: javadoc AssertionError when specified with release 8 Reviewed-by: jjg, jlahoda ! src/jdk.compiler/share/classes/com/sun/tools/javac/mai

hg: jigsaw/jake/hotspot: 11 new changesets

2017-04-06 Thread alan . bateman
Changeset: fa10bec35262 Author:mdoerr Date: 2017-03-20 11:32 +0100 URL: http://hg.openjdk.java.net/jigsaw/jake/hotspot/rev/fa10bec35262 8176518: C2: Invalid ImplicitNullChecks with non-protected heap base Summary: Avoid generating implicit null checks if heap base is not protected R

hg: jigsaw/jake/jdk: 23 new changesets

2017-04-06 Thread alan . bateman
Changeset: 6efd46c87aff Author:bpb Date: 2017-03-28 09:02 -0700 URL: http://hg.openjdk.java.net/jigsaw/jake/jdk/rev/6efd46c87aff 8177559: Enable java/nio/channels/Selector/OutOfBand.java for macOS >= 10.10.5 Summary: Enable test for macOS 10.10.5 and newer and remove from problem li

Build tools can help, if you let us

2017-04-06 Thread Brian Fox
I replied on the expert list but it bounced off the moderation. Since this is a topic that affects everyone, I'm republishing my thoughts (only) here: - Our users are your users and therefore our interests should be absolutely aligned. Our users won't tolerate the build tool doing something c

Re: SecurityManager environments

2017-04-06 Thread Jason Tedor
This is correct, thank you for pointing it Uwe, but actually Reto's example will fail before the setAccessible call because we do not even allow accessDeclaredMembers (again, except for Lucene, for the RAM usage estimator). :) On Thu, Apr 6, 2017 at 2:32 PM Uwe Schindler wrote: Hi, Elasticsea

feedback on --permit-illegal-access

2017-04-06 Thread Jochen Theodorou
Hi, so today I found finally _JAVA_OPTIONS to get our gradle build running and of course I used --permit-illegal-access and I thought I give some feedback here. Running a clean test on our build will result in 44531 warning messages. Of which 6394 are unique. Of course some of those warnings

RE: feedback on --permit-illegal-access

2017-04-06 Thread Stephen Felts
I have been using _JAVA_OPTIONS to get gradle working for over a year. I recently ran a build with --permit-illegal-access turned on (and --add-options taken out) and filed/updated bugs for several third-party jar files. There are problems with ant, xstream, simplestub, javassist, jmockit, jboss

Review Request: JDK-8178286 Missing @moduleGraph in javadoc

2017-04-06 Thread Mandy Chung
http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8178286/webrev.00/index.html This adds @moduleGraph in a few more modules that will be included in unified docs bundle. Mandy

Re: [aarch64-port-dev ] Review Request JDK-8175819: OS name and arch in JMOD files should match the values as in the bundle name

2017-04-06 Thread Stuart Monteith
It is historical revisionism. AArch32 was introduced with ARMv8, before there was no need to distinguish between 32-bit and 64-bit execution states. If people are selecting, say, JNI libraries, based on os.arch, then there is every reason to be consistent. On 4 April 2017 at 17:39, Andrew Haley w

Re: 8177530: Module system implementation refresh (4/2017)

2017-04-06 Thread Igor Veresov
Hi Alan, The changes to jdk.internal.vm.compiler will need to go to https://github.com/graalvm/graal-core as well. For jdk10 we’re not doing two-way merges when we pull a fresh version of graal. For jdk9 it’s ok because we’re not going to refresh Graal th

Re: Review Request: JDK-8178286 Missing @moduleGraph in javadoc

2017-04-06 Thread Lance Andersen
+1 > On Apr 6, 2017, at 8:28 PM, Mandy Chung wrote: > > http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8178286/webrev.00/index.html > > This adds @moduleGraph in a few more modules that will be included > in unified docs bundle. > > Mandy

Re: SecurityManager environments

2017-04-06 Thread Robert Muir
> > As regards the security manager then it's hard to see how it fits into the > discussion. To be honest, we don't see a lot of security manager usage on > the server side these days. I look at a lot of bug reports and error logs > that include the command line and I don't see -Djava.security.mana