JDK-8020637

Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 13
    • Component/s: security-libs
    • Resolved In Build:
      b16
    • Verification:
      Verified

      Description

      It is possible to change the mappings in a serialized java.security.Permissions object such that they no longer map correctly, and Permissions.readObject won't detect this. This can cause incorrect behavior in the implies method. For example, you could change the mapping of java.io.FilePermission to a java.util.PropertyPermissionCollection, and permissions.implies(new FilePermission(...)) would always return false.
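
An added illustration of the mismatch described above, not code from the JDK or from this issue: it builds the mismatched mapping directly in a plain `Map` (a constructed sample, no serialized stream involved) and runs a hypothetical `validate` helper that rejects it. The class name `PermsMappingCheck`, the helper and the sample path are assumptions.

```java
import java.io.FilePermission;
import java.io.InvalidObjectException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.PropertyPermission;

public class PermsMappingCheck {
    // Hypothetical helper: reject any entry whose collection holds a
    // Permission of a class other than the key it is filed under.
    static void validate(Map<Class<?>, PermissionCollection> perms)
            throws InvalidObjectException {
        for (Map.Entry<Class<?>, PermissionCollection> e : perms.entrySet()) {
            for (Permission p : Collections.list(e.getValue().elements())) {
                if (!e.getKey().equals(p.getClass())) {
                    throw new InvalidObjectException(e.getKey().getName()
                        + " mapped to collection holding " + p.getClass().getName());
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample: FilePermission.class filed against a collection
        // created by PropertyPermission, as in the description's example.
        PropertyPermission prop = new PropertyPermission("user.home", "read");
        PermissionCollection propColl = prop.newPermissionCollection();
        propColl.add(prop);
        Map<Class<?>, PermissionCollection> perms = new HashMap<>();
        perms.put(FilePermission.class, propColl);

        // A lookup keyed by the permission's class reaches a collection that
        // cannot imply a FilePermission, so the answer is false for any path.
        Permission wanted = new FilePermission("/tmp/example", "read");
        System.out.println("implies: " + perms.get(wanted.getClass()).implies(wanted));

        try {
            validate(perms);
        } catch (InvalidObjectException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Because the helper inspects elements, an empty collection of the wrong type passes it; catching that case would need a check on the collection's own type as well.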

            People

            Assignee:
            mullan Sean Mullan
            Reporter:
            mullan Sean Mullan