Since finalizers are planned for removal, as soon as finalizers are officially deprecated, I propose a command line flag be provided to disable jvm calls to finalizer methods.
-- Regards,Peter Firmstone.
To securely instrument access controls onto public Java API, we need to
have the ability to disable finalizers, to prevent finalizer attacks
from circumventing access controls.
- Re: A possible JEP to replace SecurityManager after JEP 41... Bernd Eckenfels
- Re: A possible JEP to replace SecurityManager after JEP 41... Sean Mullan
- Re: A possible JEP to replace SecurityManager after J... Peter Firmstone
- Re: A possible JEP to replace SecurityManager after J... Andrew Dinn
- Re: A possible JEP to replace SecurityManager aft... Peter Firmstone
- Re: A possible JEP to replace SecurityManager after J... David Lloyd
- Re: A possible JEP to replace SecurityManager aft... David Lloyd
- Re: A possible JEP to replace SecurityManager aft... Sean Mullan
- Re: A possible JEP to replace SecurityManager... David Lloyd
- Command line flag to disable finalizers. Peter Firmstone
- Re: Command line flag to disable fin... Sean Mullan
- Re: A possible JEP to replace SecurityManager... Martin Balao
- Re: A possible JEP to replace SecurityMan... Peter Firmstone
- Re: A possible JEP to replace SecurityMan... David Lloyd
- Re: A possible JEP to replace Securi... Peter Firmstone
- Re: A possible JEP to replace Securi... Alan Bateman
- Re: A possible JEP to replace Se... Peter Firmstone
- Re: A possible JEP to replace Se... Alan Bateman
- Re: A possible JEP to replace Se... Peter Firmstone
- Re: A possible JEP to replace Se... Bernd Eckenfels
