[cp-patches] FYI: fix for PR 23916

classpath-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cp-patches] FYI: fix for PR 23916

From:	Casey Marshall
Subject:	[cp-patches] FYI: fix for PR 23916
Date:	Sun, 25 Sep 2005 18:02:29 -0700

Hi,

I'm checking in this patch to fix PR 23916. The problem in that bugwas that we would never use the DomainCombiner specified in theAccessControlContext passed to the 'doPrivileged' methods, but wouldinstead always set the DomainCombiner to our private, defaultimplementation. This breaks the Subject.doAs methods, because theydepend on the SubjectDomainCombiner being preserved.

This also adds a necessary permission check to anAccessControlContext constructor, because without it, untrusted codecould pass their own specially-constructed DomainCombiner to'doPrivileged,' and subvert proper access control checks.


Committed,

2005-09-25  Casey Marshall  <address@hidden>

    Fixes PR classpath/23916. Fix suggested by Santiago Gala
    <address@hidden>.
    * java/security/AccessControlContext.java
    (<init>): update javadoc; check SecurityPermission
    "createAccessControlContext" if a security manager is set.
    (getProtectionDomains): new method.
    * vm/reference/java/security/VMAccessController.java
    (DEBUG): set to 'gnu.classpath.Configuration.DEBUG.'
    (pushContext, popContext): add debug statement.
    (getContext): debug output changes; include the DomainCombiner
    specified in the AccessControlContext, if any.

PR23916.patch.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[cp-patches] FYI: fix for PR 23916, Casey Marshall <=

Prev by Date: Re: [cp-patches] Patch: RFA: javax.security.sasl -vs- 1.5
Next by Date: Re: [cp-patches] Introspector.getBeanInfo(class, int)
Previous by thread: [cp-patches] [generics] Patch: FYI: use SystemProperties
Next by thread: Re: [cp-patches] Introspector.getBeanInfo(class, int)
Index(es):
- Date
- Thread