On 15/08/2019 23:20, Peter Firmstone wrote:
:
The following code is included in the constructor of our
SecurityManager implementation, I suspect we may need to add some
classes to this list, perhaps this is something that needs documenting?
The checkPermission method of custom security manager
Hi Peter,
by explicitly ensuring the file system has been initialized before
installing a SecurityManager using a hook in System.setSecurityManager,
the patch at hand takes step to ensure things stay neutral w.r.t.
Permission initialization order when using any SecurityManager. It's not
perfectly
On 2019-08-15 21:21, Alan Bateman wrote:
On 15/08/2019 16:22, Claes Redestad wrote:
(adding back core-libs-dev)
Hi Roger,
seems easy enough to add a writeReplace:
http://cr.openjdk.java.net/~redestad/8229773/webrev.02
This mostly looks good. In LazyCodeSourcePermissionCollection it think
On 8/15/19 8:18 PM, Peter Firmstone wrote:
Hi Roger,
+1 for writeReplace
Personally I'd like to see some security classes break backward
compatibility and remove support for serialization as it allows someone
to get references to internal objects, especially since these classes
are cached by
Good catch!
For the engineGetOutputSize() implementation, as the inputLen parameter is an
external input, we may want to ensure it is not too big to integer overflow.
The Math.addExact() was used to check the overflow issues. What do you think
we keep using the Math.addExact() method, at line
On 16/08/2019 13:30, Claes Redestad wrote:
How about this:
http://cr.openjdk.java.net/~redestad/8229773/webrev.03/
Also simplified BuiltinClassLoader#getPermissions since the jrt-specific
optimization is now redundant.
Looks good.
-Alan
+1 from me as well.
--Sean
On 8/16/19 12:38 PM, Alan Bateman wrote:
On 16/08/2019 13:30, Claes Redestad wrote:
How about this:
http://cr.openjdk.java.net/~redestad/8229773/webrev.03/
Also simplified BuiltinClassLoader#getPermissions since the jrt-specific
optimization is now redundant.
Lo
+1
On 8/16/19 12:51 PM, Sean Mullan wrote:
+1 from me as well.
--Sean
On 8/16/19 12:38 PM, Alan Bateman wrote:
On 16/08/2019 13:30, Claes Redestad wrote:
How about this:
http://cr.openjdk.java.net/~redestad/8229773/webrev.03/
Also simplified BuiltinClassLoader#getPermissions since the
jr
Hello Alan,
Yes, we are aware of those issues.
I mean documenting that system Permission classes should be loaded
before setting a custom SecurityManager, accessing the file system is
important, so if you haven't loaded the necessary classes before setting
a custom SecurityManager, it won't b
Hello all,
This fixes a bug where stapled OCSP responses were being ignored by the
internal Validator in all cases when revocation checking is disabled.
If the TrustManagerFactory is initialized with CertPathParameters that
include a PKIXRevocationChecker, then that should override the
setRe
I think that's a good idea. I've made the change.
http://cr.openjdk.java.net/~jnimeh/reviews/8224997/webrev.02/
Thanks for the review,
--Jamil
On 8/16/19 9:36 AM, Xue-Lei Fan wrote:
Good catch!
For the engineGetOutputSize() implementation, as the inputLen parameter is an
external input, we
Looks good to me.
Xuelei
> On Aug 16, 2019, at 3:44 PM, Jamil Nimeh wrote:
>
> I think that's a good idea. I've made the change.
>
> http://cr.openjdk.java.net/~jnimeh/reviews/8224997/webrev.02/
>
> Thanks for the review,
>
> --Jamil
>
>> On 8/16/19 9:36 AM, Xue-Lei Fan wrote:
>> Good catc
12 matches
Mail list logo
