JDK-8020637

Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings

Details

    • Bug
    • Resolution: Fixed
    • P4
    • 13
    • None
    • security-libs
    • b16
    • Verified

    Description

      It is possible to change the mappings in a serialized java.security.Permissions object such that they no longer map correctly, and Permissions.readObject won't detect this. This can cause incorrect behavior in the implies method. For example, you could change the mapping of java.io.FilePermission to a java.util.PropertyPermissionCollection, and permissions.implies(new FilePermission(...)) would always return false.
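
The missing check can be illustrated outside the JDK. This is an added example, not the JDK's code or the fix for this issue: a plain map stands in for the deserialized Class-to-PermissionCollection table, and `PermsMapCheck` and `validate` are hypothetical names.

```java
import java.io.FilePermission;
import java.io.InvalidObjectException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.PropertyPermission;

public class PermsMapCheck {
    // Hypothetical helper: reject a map in which a collection holds a
    // Permission whose class differs from the key it is stored under.
    // Limitation: an empty, wrongly typed collection has no elements to
    // inspect and therefore passes this check.
    static void validate(Map<Class<?>, PermissionCollection> map)
            throws InvalidObjectException {
        for (Map.Entry<Class<?>, PermissionCollection> e : map.entrySet()) {
            for (Permission p : Collections.list(e.getValue().elements())) {
                if (!e.getKey().equals(p.getClass())) {
                    throw new InvalidObjectException(e.getKey().getName()
                        + " mapped to a collection containing "
                        + p.getClass().getName());
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: one correct mapping, one tampered mapping.
        Permission fp = new FilePermission("/tmp/data", "read");
        PermissionCollection files = fp.newPermissionCollection();
        files.add(fp);
        Permission pp = new PropertyPermission("user.dir", "read");
        PermissionCollection props = pp.newPermissionCollection();
        props.add(pp);
        Map<Class<?>, PermissionCollection> good = new HashMap<>();
        good.put(FilePermission.class, files);
        Map<Class<?>, PermissionCollection> bad = new HashMap<>();
        bad.put(FilePermission.class, props); // the mismatch from the description
        // Assumption: the collection is looked up by the permission's class.
        System.out.println("good implies: " + good.get(fp.getClass()).implies(fp));
        System.out.println("bad implies:  " + bad.get(fp.getClass()).implies(fp));
        for (Map<Class<?>, PermissionCollection> m : java.util.List.of(good, bad)) {
            try { validate(m); System.out.println("accepted"); }
            catch (InvalidObjectException ex) { System.out.println("rejected: " + ex.getMessage()); }
        }
    }
}
```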

          People

            mullan Sean Mullan
            mullan Sean Mullan