-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8270380: Change the default value of the java.security.manager system property to disallow #5204
Conversation
… property to disallow 8270380: Change the default value of the java.security.manager system property to disallow
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
Webrevs
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good Max.
One minor suggestion below
@@ -127,8 +125,7 @@ | |||
* <tr> | |||
* <th scope="row">null</th> | |||
* <td>None</td> | |||
* <td>Success or throws {@code SecurityException} if not permitted by | |||
* the currently installed security manager</td> | |||
* <td>Always throws {@code UnsupportedOperationException}</td> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure "Always" is needed, could just be "Throws UOE"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the same as the existing words for "disallow".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I agree with Lance that "Throws UOE" would be clearer in this table.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion accepted.
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 750 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
A somewhat broader question - I looked at the javadocs of this latest update to
Would this then allow the security manager to be used? In other words, can the value of |
It looks to me that the failures reported in the GitHub jobs are genuine and related to this change. It looks like the
|
@wangweij there are many tests that can call setSecurityManager() and will presumably need to be fixed before this switch can be applied. And all testing will need to be updated to require jtreg 6.1 (which no longer uses the SM) once it is released. Thanks, |
Mailing list message from Alan Bateman on security-dev: On 23/08/2021 05:45, David Holmes wrote:
Most of the preparation work for the tests was done via JDK-8267184 in JDK-8270380 isn't going to be integrated until after the upgrade the -Alan. |
Thanks for the clarification @AlanBateman . @wangweij my apologies as I misunderstood the affect this change was going to have on the existing warnings - which is none. David |
This issue (https://bugs.openjdk.java.net/browse/JDK-8270380) is blocked by jtreg 6.1 (https://bugs.openjdk.java.net/browse/CODETOOLS-7902990). Precisely, it should be blocked by a JDK bug that updates the jtreg required version to 6.1. I should have mentioned this in the PR. |
Whether to allow a SecurityManager to be installed later is determined at system initialization time, so there is no use to set it to "allow" inside a program. See
The spec in |
Thank you for that clarification @wangweij. |
In the class description of
The reason I think this is useful is that you can then add a link from |
New commit pushed. Sections added. |
@wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration! |
Still waiting for jtreg upgraded to 6.1. |
/integrate |
Going to push as commit d589b66.
Your commit was automatically rebased without conflicts. |
This change modifies the default value of the
java.security.manager
system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call toSystem.setSecurityManager()
would throw an UOE.This change was previously announced on the jdk-dev alias and is documented in JEP 411.
The
AllowSecurityManager.java
andSecurityManagerWarnings.java
tests are updated to confirm this behavior change. Two other tests are updated because they were added after JDK-8267184 and do not have-Djava.security.manager=allow
on its@run
line even it they need to install aSecurityManager
at runtime.Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/5204/head:pull/5204
$ git checkout pull/5204
Update a local copy of the PR:
$ git checkout pull/5204
$ git pull https://git.openjdk.java.net/jdk pull/5204/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 5204
View PR using the GUI difftool:
$ git pr show -t 5204
Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/5204.diff