bug-classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/42390] New: Missing Security Manager checks in classpath

From: varun at cs dot utexas dot edu
Subject: [Bug classpath/42390] New: Missing Security Manager checks in classpath apis
Date: 16 Dec 2009 04:02:17 -0000 
1)  Constructor missed the
sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION) check in the
java.io.ObjectOutputStream: void <init>(java.io.OutputStream) constructor call.
2) 
Method calls :<java.util.logging.LogManager: void
removePropertyChangeListener(java.beans.PropertyChangeListener)>

and 
<java.util.logging.LogManager: void
addPropertyChangeListener(java.beans.PropertyChangeListener)> 
misses LoggingPermission"control" check
3) Mehtod call :<java.io.File: boolean isHidden()>  missing the check for
checkRead()
4) Mehtod call :<java.security.ProtectionDomain: java.lang.String toString()>
missing sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION) for the
dynamic policy permission load.
5) 
Mehtod call :<java.net.Socket: void connect(java.net.SocketAddress)>
and  :<java.net.Socket: void connect(java.net.SocketAddress,int)> missing
checkConnect.
6)  Method <java.net.DatagramSocket: void connect(java.net.SocketAddress)>
should perform checkListen, checkMulticast, checkAccept on top of checkConnect


-- 
           Summary: Missing Security Manager checks in classpath apis
           Product: classpath
           Version: 0.97.2
            Status: UNCONFIRMED
          Severity: critical
          Priority: P3
         Component: classpath
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: varun at cs dot utexas dot edu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42390
reply via email to
[Prev in Thread] Current Thread [Next in Thread]