Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P3
Fix Version/s: 9
Affects Version/s: None
Component/s: security-libs
Labels:

Resolved In Build:
b14

This RFE proposes to remove granting all permissions for extensions (principle of least privilege). Also in JDK 9, we want to separate the privileges of as many system classes as possible.

Permissions for each JAR file shipped in the JDK's extension directory will be explicitly granted with all permission initially. This will allow each component team to identify minimum permissions required by each component and update the java.policy file accordingly. New tests will possibly be developed in this privilege separation effort.

The default policy for extensions is configured in the java.policy and it's granted with all permissions by default as specified in: http://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html. Customers installing libraries on extensions that require all permissions will need to update the java.policy for JDK 9 to explicitly specify that.

relates to

JDK-4215035 standard extensions path is hard-coded in default system policy file

Resolved

JDK-8042868 Add lib/ext/jfxrt.jar to java.policy file

Closed

JDK-8043277 Update jdk regression tests to extend the default security policy instead of override

Resolved

CODETOOLS-7900898 Provide jtreg policy option that doesn't override system policy

Resolved

JDK-8043406 Change default policy for JCE providers to run with as few privileges as possible

Resolved

JDK-8075706 Policy implementation does not allow policy.provider to be on the class path

Closed

JDK-8043419 Test lib/security/java.policy/Ext_AllPolicy.sh fails against JDK 9 compiler upgrade build

Closed

JDK-8159752 Grant de-privileged module permissions by default with java.security.policy override option

Closed

JDK-4287267 Subdivide the "system security domain".

Closed

links to

RT-36848

(4 relates to, 1 links to)

Assignee:: Mandy Chung (Inactive)

Reporter:: Mandy Chung (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2014-04-12 18:11

Updated:: 2017-05-16 17:41

Resolved:: 2014-05-09 09:36

Details

Description

Attachments

Issue Links

Activity

People

Dates