RE: [patch #3174] Default implementation of VMAccessController.getStack

commit-classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [patch #3174] Default implementation of VMAccessController.getStack

From:	Jeroen Frijters
Subject:	RE: [patch #3174] Default implementation of VMAccessController.getStack
Date:	Wed, 30 Jun 2004 12:19:58 +0200

> Summary:  Default implementation of VMAccessController.getStack
> 
> Original Submission:  The attached patch provides a default 
> implementation of java.security.VMAccessController.getStack, 
> by calling Throwable.getStackTrace().
> 
> Note that this implementation will likely not work in 
> general: this implementation needs to get classes by name, 
> and may not be able to. Also, since unresolvable stack frames 
> will be silently dropped, this can lead to code running with 
> privileges it should not have.

This seems like a really bad idea to me. Why have a default
implementation, if it's useless? Especially in the area of security, I
wouldn't do this.

Regards,
Jeroen

[Prev in Thread]

Current Thread

[Next in Thread]

RE: [patch #3174] Default implementation of VMAccessController.getStack, Jeroen Frijters <=
- Re: [patch #3174] Default implementation of VMAccessController.getStack, Michael Koch, 2004/06/30
  - Re: [patch #3174] Default implementation of VMAccessController.getStack, Casey Marshall, 2004/06/30
    - Re: [patch #3174] Default implementation of VMAccessController.getStack, Michael Koch, 2004/06/30

Prev by Date: [patch #3174] Default implementation of VMAccessController.getStack
Next by Date: Re: [patch #3174] Default implementation of VMAccessController.getStack
Previous by thread: [patch #3174] Default implementation of VMAccessController.getStack
Next by thread: Re: [patch #3174] Default implementation of VMAccessController.getStack
Index(es):
- Date
- Thread