Fixed JRubyClassLoader to not require protective domain access check #817

Closed

@ratnikov
Contributor

Loading protection domain requires an access check, and it seems like it's not necessary to actually provide one.

@BanzaiMan
Member

What is the issue that we are trying to solve?

@ratnikov
Contributor

I want to be able to load jruby with security manager but minimize permissions I have to allow. Calling Class#getProtectionDomain requires a RuntimePermission("getProtectionDomain") and it seems to me that the DEFAULT_DOMAIN is not really required (I think I even saw one of the implementations do exactly what I do: pass null).

Do you know of the reason it serves? From the original commit, it looked like a "just in case" kind of thing.

-- D


@headius
Member
headius commented Jun 22, 2013

Passing null for the protection domain causes the classes to default to the system classloader's privileges. This prevents having sandbox child environments or environments with differing permissions in the same JVM.

We can modify the code to fall back on null if we can't acquire the protection domain, but we can't just pass null unconditionally.
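The fallback headius describes, as an added illustration that is not JRuby's own code: the loader asks for its ProtectionDomain once, and only if the SecurityManager denies RuntimePermission("getProtectionDomain") does it fall back to null for defineClass. The class name DomainFallbackClassLoader and the method defineClassWithDomain are assumed for the example.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/**
 * Hypothetical loader (added example, not JRuby's JRubyClassLoader) showing
 * the conditional fallback: keep the real ProtectionDomain when it can be
 * obtained, use null only when the access check fails.
 */
public class DomainFallbackClassLoader extends ClassLoader {

    // Resolved once in the constructor; null only when the check was denied.
    private final ProtectionDomain defaultDomain;

    public DomainFallbackClassLoader(ClassLoader parent) {
        super(parent);
        this.defaultDomain = resolveDefaultDomain();
    }

    private static ProtectionDomain resolveDefaultDomain() {
        try {
            // Class#getProtectionDomain triggers the
            // RuntimePermission("getProtectionDomain") check; doPrivileged
            // limits the check to this class's own permissions rather than
            // every frame on the caller's stack.
            return AccessController.doPrivileged(
                (PrivilegedAction<ProtectionDomain>)
                    () -> DomainFallbackClassLoader.class.getProtectionDomain());
        } catch (SecurityException denied) {
            // Permission not granted: fall back to null, so defineClass uses
            // the loader's default domain instead of a per-environment one.
            return null;
        }
    }

    /** Defines a class under the resolved domain (or null when unavailable). */
    public Class<?> defineClassWithDomain(String name, byte[] bytes) {
        return defineClass(name, bytes, 0, bytes.length, defaultDomain);
    }

    /** Lets callers detect that the fallback path was taken. */
    public boolean hasProtectionDomain() {
        return defaultDomain != null;
    }
}
```

Under a SecurityManager, hasProtectionDomain() returning false is the signal that classes defined by this loader will not carry the sandboxed domain the discussion wants to preserve; a deployment that relies on per-environment permissions should treat that as a configuration error rather than silently continuing. The example targets the JDK 8-era SecurityManager/AccessController API the thread is about; that API is deprecated in newer JDKs.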

@headius headius closed this in 1a2c1fe Jun 22, 2013
@headius
Member
headius commented Jun 22, 2013

If you have a test case you can give us that would fail without this patch, we'd love to incorporate it.

@ratnikov ratnikov deleted the ratnikov:fix-protective-domain branch Jun 24, 2013