New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export System Properties listed in the white list #34
Comments
Although I will be happy to have custom property from ITW rpinted out, isnt it clsoe to spying? |
In environment with security manager and shared classloaders, the properties can be to public. |
ok. Going on with private static string:method. |
Sure, go ahead! I was about to create a development branch with the initial implementation[1] when I saw your comment. In the initial implementation, I prove that abrt-java-connector is able to call a static method of a loaded class. I have found out that abrt-java-connector must not use Class loader to get the class defining the required method because this approach cause that the method is called for every uncaught exception in any application. Performing the class look up in the list of already loaded classes drastically decreases the number of useless calls. 1: 271d00f |
Related to #34 Signed-off-by: Jakub Filak <jfilak@redhat.com>
Related to #34 Signed-off-by: Jakub Filak <jfilak@redhat.com>
abrt-java-connector provides only the most important System Properties [1], but there are many other important properties that are required for successful resolution of reported bugs. For example icedtea-web developers needs to known URL which caused the exception [2].
For those who have concerns about the security issues, ABRT doesn't publish any data without a user's permission - users must review the published data and confirm that he wants to publish it, users are also allowed and encouraged to remove/modify security sensitive information.
1: http://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html
2: https://bugzilla.redhat.com/show_bug.cgi?id=1060390
The text was updated successfully, but these errors were encountered: