Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8168906

Tighten permissions granted to the jdk.localedata module

    Details

    • Subcomponent:
    • Resolved In Build:
      b147
    • Verification:
      Not verified

      Description

      The jdk.localedata module is granted permission to read all system properties in lib/security/default.policy. However, from a scan of the code, it does not appear to read any system properties.

      The permissions should be tightened to only grant reading of the specific properties it needs.

        Activity

        Hide
        okutsu Masayoshi Okutsu added a comment -
        diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
        --- a/src/java.base/share/lib/security/default.policy
        +++ b/src/java.base/share/lib/security/default.policy
        @@ -155,7 +155,6 @@
         grant codeBase "jrt:/jdk.localedata" {
             permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
             permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
        - permission java.util.PropertyPermission "*", "read";
         };
         
         grant codeBase "jrt:/jdk.naming.dns" {
        Show
        okutsu Masayoshi Okutsu added a comment - diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy --- a/src/java.base/share/lib/security/default.policy +++ b/src/java.base/share/lib/security/default.policy @@ -155,7 +155,6 @@  grant codeBase "jrt:/jdk.localedata" {      permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";      permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; - permission java.util.PropertyPermission "*", "read";  };    grant codeBase "jrt:/jdk.naming.dns" {
        Hide
        rgoel Rachna Goel added a comment -
        test/sun/util/locale/provider/Bug8152817.java is a test with a SecurityManager.
        Show
        rgoel Rachna Goel added a comment - test/sun/util/locale/provider/Bug8152817.java is a test with a SecurityManager.
        Hide
        hgupdate HG Updates added a comment -
        URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/72beb0297b0c
        User: nishjain
        Date: 2016-11-22 07:32:32 +0000
        Show
        hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/72beb0297b0c User: nishjain Date: 2016-11-22 07:32:32 +0000
        Hide
        hgupdate HG Updates added a comment -
        URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/72beb0297b0c
        User: lana
        Date: 2016-11-30 21:39:08 +0000
        Show
        hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/72beb0297b0c User: lana Date: 2016-11-30 21:39:08 +0000

          People

          • Assignee:
            rgoel Rachna Goel
            Reporter:
            mullan Sean Mullan
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: