Hi Omair,
Did you also file a corresponding bug report with this patch? I cannot find one.
That would have helped, as it would have been less likely to have been missed.
I can file a bug on your behalf, or you can file one yourself via
http://bugs.sun.com/bugdatabase/index.jsp but I can't make any guarantees this
will get into JDK 7 at this point as we are really only concentrating on fixing
critical showstopper bugs.
Thanks,
Sean
On 5/12/11 1:49 PM, Omair Majid wrote:
Hi,
Deepak Bhole posted this bug on the openjdk bugzilla a little while ago, but it
seems to have fallen through the cracks:
https://bugs.openjdk.java.net/show_bug.cgi?id=100142
The bug report contains a test case and a patch for a regression in how jar urls
are evaluated for security. With the Oracle JDK6, the result is:
$ /usr/java/latest/bin/java JarProtocolPermissionTest
jar:file:/usr/java/jdk1.6.0_24/jre/lib/ext/foo.jar!/ has
java.security.AllPermission? : true
While a recent build of OpenJDK7 gives a different result:
$
/home/omajid/code/hg.openjdk.java.net/jdk7/jdk7/build/linux-amd64/j2sdk-image/bin/java
JarProtocolPermissionTest
jar:file:/home/omajid/code/hg.openjdk.java.net/jdk7/jdk7/build/linux-amd64/j2sdk-image/jre/lib/ext/foo.jar!/
has java.security.AllPermission? : false
Is there anything I can do to get this in OpenJDK7?
Thanks,
Omair
