JDK / JDK-6533031

Non-clear semantics of "localhost" for SocketPermission


    • Bug
    • Resolution: Unresolved
    • P3
    • None
    • 6
    • core-libs
    • None
    • Cause Known
    • x86
    • linux

      Both the description of the java.net.SocketPermission class and the "Java Security Architecture" document
      introduce the notion of "localhost", which can be passed to the SocketPermission constructor as the name of the affected host.

      However, it is not clear what this term means for a host with several network interfaces: either several NICs, or one NIC with both IPv4 and IPv6 set up. There may also be a virtual network interface (when PPP or VPN is used).

      There are two possible interpretations:

      1. All network interfaces on current host
      2. Network interface returned by InetAddress.getLocalHost()

      Note that java.net.DatagramSocket allows binding a socket to any local interface. At the same time, the SecurityManager.checkListen() method, invoked to check permission to listen, takes only a port parameter of type int. This may implicitly mean that "localhost" means all network interfaces (at least for the "listen" action).

      However, in other parts of the API spec the meaning of the term "local host" is different. For instance, in the specification of the java.net.InetAddress.getLocalHost() method, "local host" means a single interface, assuming that one of the several present is selected.

      So the precise meaning of specifying a permission for "localhost" is unclear.

            Unassigned
            sreznick Sergey Reznick (Inactive)
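
The ambiguity described in this report can be observed on a given machine with the probe below. It is an added example, not code from the report or from the JDK: the class name, helper names, port 8080 and the "localhost:1024-" grant are assumptions chosen for illustration. It compares a "localhost" grant against every address of every local interface and marks the address that InetAddress.getLocalHost() selects.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketPermission;
import java.net.UnknownHostException;
import java.util.Collections;

// Added example (not JDK code): shows which concrete local addresses
// a SocketPermission granted for "localhost" is treated as covering.
public class LocalhostPermissionProbe {
    static final int PORT = 8080; // constructed sample port

    // SocketPermission requires IPv6 literals in brackets; the scope id
    // (for example %eth0) is dropped so the literal parses everywhere.
    static String hostLiteral(InetAddress a) {
        String s = a.getHostAddress();
        int pct = s.indexOf('%');
        if (pct >= 0) s = s.substring(0, pct);
        return (a instanceof Inet6Address) ? "[" + s + "]" : s;
    }

    // True if the "localhost" grant implies the same action on address a.
    static boolean implied(SocketPermission granted, InetAddress a, String action) {
        SocketPermission wanted =
            new SocketPermission(hostLiteral(a) + ":" + PORT, action);
        return granted.implies(wanted); // may trigger name-service lookups
    }

    public static void main(String[] args) throws Exception {
        // Interpretation under test: what does this grant actually cover?
        SocketPermission granted =
            new SocketPermission("localhost:1024-", "listen,connect,accept");
        InetAddress selected = null; // interpretation 2: the single "local host"
        try {
            selected = InetAddress.getLocalHost();
        } catch (UnknownHostException e) {
            System.out.println("getLocalHost() failed: " + e.getMessage());
        }
        for (NetworkInterface nif : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            for (InetAddress a : Collections.list(nif.getInetAddresses())) {
                System.out.printf("%-8s %-42s listen=%-5b connect=%-5b%s%n",
                    nif.getName(), hostLiteral(a),
                    implied(granted, a, "listen"), implied(granted, a, "connect"),
                    a.equals(selected) ? "  <- getLocalHost()" : "");
            }
        }
    }
}
```

Rows that print false for an address a socket can still bind to show where a policy written against "localhost" and the actual bind address diverge; results depend on the JDK version and the host's name resolution.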