[
https://jira.jboss.org/jira/browse/JBREM-1116?page=com.atlassian.jira.plu...
]
Ron Sigal closed JBREM-1116.
----------------------------
Resolution: Done
All methods except SecurityUtility.skipAccessControl() have been migrated as private
static methods to the classes that call them.
There don't seem to be any security-related issues in the test suite.
Remove SecurityUtility
----------------------
Key: JBREM-1116
URL: https://jira.jboss.org/jira/browse/JBREM-1116
Project: JBoss Remoting
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: 2.5.0.SP2 (Flounder)
Reporter: Ron Sigal
Assignee: Ron Sigal
Priority: Critical
Fix For: 2.5.1 (Flounder)
org.jboss.remoting.util.SecurityUtility is a collection of static methods that wrap
security-sensitive method calls in a java.security.PrivilegedActionException or a
java.security.PrivilegedExceptionAction. It has the advantage of avoiding cluttering the
calling code, but it has the significant disadvantage that any code can call these public
methods and, using the permissions granted to Remoting, bypass security restrictions.
The methods should be migrated out of SecurityUtility and made inaccessible.
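The pattern the issue describes and the migration applied in the fix, as an added example that is not JBoss Remoting's own code. The class names (Demo, PublicPrivilegedHelper, TransportConfig), the getSystemProperty wrapper and the property key are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Stands in for arbitrary code sharing the JVM with the library.
class Demo {
    public static void main(String[] args) {
        // Reads any property it likes, using the library's permissions.
        System.out.println(PublicPrivilegedHelper.getSystemProperty("user.home"));
        // The migrated form exposes only the operation the library needs.
        System.out.println(new TransportConfig().timeoutMillis());
        // TransportConfig.getSystemProperty("user.home") would not compile here.
    }
}

// BEFORE (hypothetical utility class): public static privileged wrapper.
final class PublicPrivilegedHelper {
    // doPrivileged() ends the permission check at this frame, so the
    // permissions of whoever called this method are never consulted.
    // Because the method is public and takes the property name from the
    // caller, it hands the library's PropertyPermission to every class.
    public static String getSystemProperty(final String name) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(name));
    }
}

// AFTER: the wrapper is a private static method of the class that uses it.
final class TransportConfig {
    // Constructed key, for illustration only.
    private static final String TIMEOUT_KEY = "example.transport.timeout";

    int timeoutMillis() {
        String v = getSystemProperty(TIMEOUT_KEY);
        return v == null ? 60000 : Integer.parseInt(v);
    }

    // Private: other classes cannot call it directly, and the only call
    // site passes a constant, so no caller-chosen value reaches the
    // privileged block. Reflection with setAccessible(true) is itself
    // gated by ReflectPermission("suppressAccessChecks") under a
    // security manager.
    private static String getSystemProperty(final String name) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(name));
    }
}
```

On JDK 17 and later this compiles with a deprecation warning, since AccessController is deprecated for removal.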