RE: Moving system properties to gnu.classpath.*

[Jeroen Frijters]

David Holmes wrote:
> And while I'd like to help with the general problem I frankly 
> don't have the time available to do so - sorry.

No problem. I'll try to cook up a proposal this week and hopefully you
can review it to see if it helps you or not.

> > Whenenever code tries to access a package and a security manager is
> > installed, SecurityManager.checkPackageAccess() is called, so all we
> > need to do is all the gnu.classpath package to the 
> package.access system
> > property.
> 
> Isn't that test in reflection only?

No, it's in the (system) class loader (or it is supposed to be,
Classpath doesn't yet have it). Try this on the Sun JVM:

public class test extends java.lang.SecurityManager
{
  public static void main(String[] args) throws Exception
  {
    System.setSecurityManager(new test());
    new java.util.Vector();
  }

  public void checkRead(String file) {}


  public void checkPackageAccess(String pkg)
  {
     if(pkg.equals("java.util")) throw new SecurityException();
     super.checkPackageAccess(pkg);
  }
}

Here is a interesting link I found:
http://www.net-security.org/vuln.php?id=3018

> I'm confused again about what is being proposed: a public API 
> with some kind of runtime check to deny access, or a private
> API with a runtime check to allow access (doPrivileged?) ?
> The former still seems to need VM magic,

I'm proposing a public API in a special package that is not accessible
to untrusted code and this does not require any VM magic (just a proper
implementation of SecurityManager.checkPackageAccess())

Regards,
Jeroen