Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8155775

Re-examine naming of privileged methods to access System properties

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b118
    • CPU:
      generic
    • OS:
      generic

      Description

      JDK-8154231 introduced GetPropertyAction.getProperty et al, and after some discussion it was suggested to alter these methods to better indicate that calling these methods is performing a privileged action:

      GetPropertyAction.getProperty -> privilegedGetProperty
      GetPropertyAction.getProperties -> privilegedGetProperties
      GetIntegerAction.getProperty -> privilegedGetProperty

      Also a note should be added to all methods: "Note that this method performs a doPrivileged using caller-provided inputs. The caller of this method should take care to ensure that the inputs are not tainted and the returned property is not made accessible to untrusted code if it contains sensitive information."

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                redestad Claes Redestad
                Reporter:
                redestad Claes Redestad
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: