-
Bug
-
Resolution: Unresolved
-
P4
-
1.4.0
-
Fix Understood
-
unknown
-
generic
Currently we don't support any wildcarding or prefixes with
respect to literal IP addresses in java.net.SocketPermission.
This means that when running with a security manager, you need
to set a lot of very specific individual permissions to do simple
things like enumerate all of the local interfaces and addresses.
This is particularly a problem for IPv6, but also applies to IPv4.
It should be possible to have a permission like the following:
permission SocketPermission "[fe80::/16]" "connect,accept"
which would mean permission to talk to any host on the local
link, as opposed to having to list all of the full IPv6
addresses literally.
respect to literal IP addresses in java.net.SocketPermission.
This means that when running with a security manager, you need
to set a lot of very specific individual permissions to do simple
things like enumerate all of the local interfaces and addresses.
This is particularly a problem for IPv6, but also applies to IPv4.
It should be possible to have a permission like the following:
permission SocketPermission "[fe80::/16]" "connect,accept"
which would mean permission to talk to any host on the local
link, as opposed to having to list all of the full IPv6
addresses literally.