[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [patch #3174] Default implementation of VMAccessController.getStack
From: |
Jeroen Frijters |
Subject: |
RE: [patch #3174] Default implementation of VMAccessController.getStack |
Date: |
Wed, 30 Jun 2004 12:19:58 +0200 |
> Summary: Default implementation of VMAccessController.getStack
>
> Original Submission: The attached patch provides a default
> implementation of java.security.VMAccessController.getStack,
> by calling Throwable.getStackTrace().
>
> Note that this implementation will likely not work in
> general: this implementation needs to get classes by name,
> and may not be able to. Also, since unresolvable stack frames
> will be silently dropped, this can lead to code running with
> privileges it should not have.
This seems like a really bad idea to me. Why have a default
implementation, if it's useless? Especially in the area of security, I
wouldn't do this.
Regards,
Jeroen
- RE: [patch #3174] Default implementation of VMAccessController.getStack,
Jeroen Frijters <=