[wildfly-dev] Security manager and RuntimePermission
darran.lofthouse at jboss.com
Fri Sep 26 09:27:44 EDT 2014
At the same time I think we also need a better review of how
PrivilegedActions are actually used - we kind of have an approach of
using one every time we do something that could perform a security
manager check but really there are cases where the action should be
higher up the call stack.
Secondly we also need additional checking that parameters passed to a
privileged action are correctly sanitised.
On 26/09/14 14:21, David M. Lloyd wrote:
> There are several people (myself included) who have been using
> RuntimePermission as an easy way to define simple permissions for
> various purposes. However, by spec  the possible values of
> RuntimePermission are limited to a specific set defined by the JDK itself.
> Therefore our extensive usage of this permission in WildFly  and
> elsewhere needs to be revisited, and replaced with more specifically
> applicable permission types. I've created WFLY-3902  to cover the
> main portion of this work, however, non-core project members should also
> perform this same examination to fix this issue in their projects.
>  http://fpaste.org/136720/37116141/raw/
>  https://issues.jboss.org/browse/WFLY-3902
More information about the wildfly-dev