On 05/12/2011 03:31 PM, Sean Mullan wrote:
Hi Omair,
Did you also file a corresponding bug report with this patch? I cannot
find one. That would have helped, as it would have been less likely to
have been missed.
No, I normally wait for an OpenJDK dev to look at the fix, comment and
file a bug against the best component. It often turns out that my
understanding of the bug is incomplete :)
I can file a bug on your behalf, or you can file one yourself via
http://bugs.sun.com/bugdatabase/index.jsp but I can't make any
guarantees this will get into JDK 7 at this point as we are really only
concentrating on fixing critical showstopper bugs.
First of all, do you do agree that this is a problem/regression that
should be addressed? Is the fix correct? I would appreciate it if you
could file the bug - I believe only Oracle developers have the necessary
privileges to make bugs public and assign it to themselves.
As for the fix getting into OpenJDK, as long as this fix gets into some
OpenJDK branch, I am fine. I am not too bothered if it gets into
OpenJDK8 or OpenJDK7 (or an OpenJDK7 update). It's really up to you guys
whether you want it in (proprietary) JDK7 or not - though I expect some
users of the proprietary JDK7 will be affected by this.
Thanks,
Sean
No, _thank you_ for taking some time to look at the bug. I appreciate
your efforts in trying to resolve this.
Cheers,
Omair
On 5/12/11 1:49 PM, Omair Majid wrote:
Hi,
Deepak Bhole posted this bug on the openjdk bugzilla a little while
ago, but it
seems to have fallen through the cracks:
https://bugs.openjdk.java.net/show_bug.cgi?id=100142
The bug report contains a test case and a patch for a regression in
how jar urls
are evaluated for security. With the Oracle JDK6, the result is:
$ /usr/java/latest/bin/java JarProtocolPermissionTest
jar:file:/usr/java/jdk1.6.0_24/jre/lib/ext/foo.jar!/ has
java.security.AllPermission? : true
While a recent build of OpenJDK7 gives a different result:
$
/home/omajid/code/hg.openjdk.java.net/jdk7/jdk7/build/linux-amd64/j2sdk-image/bin/java
JarProtocolPermissionTest
jar:file:/home/omajid/code/hg.openjdk.java.net/jdk7/jdk7/build/linux-amd64/j2sdk-image/jre/lib/ext/foo.jar!/
has java.security.AllPermission? : false
Is there anything I can do to get this in OpenJDK7?
Thanks,
Omair
