RE: Moving system properties to gnu.classpath.*

[Jeroen Frijters]

David Holmes wrote:
> This seems to be a fairly critical part of the classloader security
> architecture that is simply not documented. This makes it 
> rather difficult to know how it is supposed to be implemented.

It looks more like a hack to me, but it seems to do exactly what I want,
so I'm not complaining.

> > It isn't trivial without creating your own class loader (which is a
> > privileged operation).
> 
> True, but the createClassloader permission is not supposed to imply
> accessPackage.* permission, but that is what could occur. 
> This might be a small crack inside the vault but it is still a crack
> that should not be there. Much of the security architecture talks
about 
> malicious classloaders, but you are implying that all classloaders are
> trustworthy.

True, but in reality I've never seen any evidence (or even suggestions)
that creating a class loader is safe on any VM (in fact, the Sun 1.4 VM
allows a custom class loader to redefine java.lang.Object and crash the
VM).

Regards,
Jeroen