Harmony / HARMONY-6367

[classlib] Some methods don't have security permission checks as compared to Sun JDK.

    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 5.0M11
    • Fix Version/s: 5.0M12
    • Component/s: Classlib
    • Labels: None
    • Environment: JDK Security permission checks
    • Estimated Complexity: Guru

      Description

      The following methods don't have security permissions as compared to the Sun JDK.
      -----------------------------------------------------------------------------------------------------------------
      1) java.net.URL: java.net.URLConnection openConnection(java.net.Proxy) - "checkConnect" is missing in Harmony. Sun performs checkConnect if a proxy is present. It checks whether the user is allowed to connect to the proxy.

      2) java.net.ServerSocket: void implAccept(java.net.Socket): Harmony is missing checkAccept in the protected method. Anyone can create a subclass of ServerSocket and accept connections.

      3) java.net.SocketPermission: boolean equals(java.lang.Object) - Harmony uses the getHostNameInternal method instead of calling getByName, as done in Sun, to retrieve the host name of the machine. That's why checkConnect is never called before retrieving the hostname.

      4) java.security.Provider: void load(java.io.InputStream) - Harmony misses checkSecurityAccess("putProviderProperty." + name) check

      5) java.security.ProtectionDomain: java.lang.String toString() - Harmony doesn't have the checkPermission(SecurityConstants.GET_POLICY_PERMISSION) check in case Policy.isSet for dynamicPerms.

      -
      Varun Srivastava
      UT Austin
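
One way to observe items 1 and 2 of the report on a given Java runtime, added here as an example and not part of the original report or of Harmony's code: a permissive SecurityManager that records every check the class library makes. The class names, `proxy.example` and `host.example` are constructed for illustration, and the probe assumes a runtime on which a SecurityManager can still be installed (Java 17 or earlier).

```java
import java.io.IOException;
import java.net.*;
import java.security.Permission;
import java.util.*;

// Added example (not Harmony or Sun code); assumes System.setSecurityManager is still permitted.
public class PermissionCheckProbe {
    static class Recorder extends SecurityManager {
        final List<String> calls = new ArrayList<String>();
        private boolean busy; // drop checks triggered while one is being recorded
        private void note(Object... parts) {
            if (busy) return;
            busy = true;
            try { calls.add(Arrays.toString(parts)); } finally { busy = false; }
        }
        // Permit everything: the probe observes checks, it does not enforce them.
        @Override public void checkPermission(Permission p) { note("checkPermission", p); }
        @Override public void checkConnect(String host, int port) { note("checkConnect", host, port); }
        @Override public void checkAccept(String host, int port) { note("checkAccept", host, port); }
    }

    // Subclass that exposes the protected implAccept (item 2 of the report).
    static class Acceptor extends ServerSocket {
        Acceptor() throws IOException { super(0, 1, InetAddress.getByName("127.0.0.1")); }
        void acceptInto(Socket s) throws IOException { implAccept(s); }
    }

    static List<String> probe() throws IOException {
        // Loopback setup happens before the recorder is installed, so it is not logged.
        Acceptor srv = new Acceptor();
        Socket client = new Socket(srv.getInetAddress(), srv.getLocalPort());
        Proxy proxy = new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved("proxy.example", 8080));
        Recorder rec = new Recorder();
        System.setSecurityManager(rec);
        try {
            new URL("http://host.example/").openConnection(proxy); // item 1: opens no connection
            Socket accepted = new Socket();
            srv.acceptInto(accepted);                                // item 2: accepts the queued client
            accepted.close();
            return new ArrayList<String>(rec.calls);
        } finally {
            System.setSecurityManager(null);
            client.close();
            srv.close();
        }
    }

    public static void main(String[] a) throws IOException { for (String s : probe()) System.out.println(s); }
}
```

A class library that performs the checks described in the report logs a `checkConnect` entry for `proxy.example` and a `checkAccept` entry for `127.0.0.1`; the absence of either entry points to the corresponding gap.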


          People

          • Assignee: Tim Ellison
          • Reporter: varun srivastava
          • Votes: 0
          • Watchers: 0

              Time Tracking

              • Estimated: 96h
              • Remaining: 96h
              • Logged: Not Specified
