[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bypassing security manager checks (was: Re: Infinite loop)
From: |
Gary Benson |
Subject: |
Re: Bypassing security manager checks (was: Re: Infinite loop) |
Date: |
Thu, 17 Nov 2005 13:42:13 +0000 |
Jeroen Frijters wrote:
> Andrew Haley wrote:
> > Gary Benson writes:
> > > Michael Koch wrote:
> > > > The solution is to use gnu.classpath.SystemProperties.getProperty(...).
> > > > This does no security check. It is exactly for such issues.
> > >
> > > Out of interest, what stops user code from calling such things?
> >
> > Nothing. That's one of the bugs on the list.
>
> That's not exactly true. The system class loader does enforce that
> user code cannot access classes in protected packages. It's just
> that we don't have the proper security configuration files in place
> to define the protected packages yet.
You make it sound like an easy fix: is it?
What needs to be done, and where?
Cheers,
Gary