[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cp-patches] FYI: fix for PR 23916
From: |
Casey Marshall |
Subject: |
[cp-patches] FYI: fix for PR 23916 |
Date: |
Sun, 25 Sep 2005 18:02:29 -0700 |
Hi,
I'm checking in this patch to fix PR 23916. The problem in that bug
was that we would never use the DomainCombiner specified in the
AccessControlContext passed to the 'doPrivileged' methods, but would
instead always set the DomainCombiner to our private, default
implementation. This breaks the Subject.doAs methods, because they
depend on the SubjectDomainCombiner being preserved.
This also adds a necessary permission check to an
AccessControlContext constructor, because without it, untrusted code
could pass their own specially-constructed DomainCombiner to
'doPrivileged,' and subvert proper access control checks.
Committed,
2005-09-25 Casey Marshall <address@hidden>
Fixes PR classpath/23916. Fix suggested by Santiago Gala
<address@hidden>.
* java/security/AccessControlContext.java
(<init>): update javadoc; check SecurityPermission
"createAccessControlContext" if a security manager is set.
(getProtectionDomains): new method.
* vm/reference/java/security/VMAccessController.java
(DEBUG): set to 'gnu.classpath.Configuration.DEBUG.'
(pushContext, popContext): add debug statement.
(getContext): debug output changes; include the DomainCombiner
specified in the AccessControlContext, if any.
PR23916.patch.txt
Description: Text document
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [cp-patches] FYI: fix for PR 23916,
Casey Marshall <=