On Tue, 26 Nov 2024 00:31:24 GMT, Aleksei Efimov <aefi...@openjdk.org> wrote:
> This PR removes calls to and mentions of the `SecurityManager` and the
> `doPrivileged` from the `java.net.InetAddress` and
> `sun.net.util.IPAddressUtil` and related classes.
>
> Noteworthy changes:
> - the default value (`30s`) of the `networkaddress.cache.ttl` security
> property responsible for successful address lookups kept unchanged, the
> mention of SM removed from the property description in the
> `net-properties.html` file.
> - connect permission checks are removed from the `InetAddress`, and relevant
> classes, like `SocketPermission`. `SocketPermission.initEphemeralPorts` was
> also modified to remove `doPrivileged`.
> - `RuntimePermission("inetAddressResolverProvider")` permission has been
> removed from the system-wide `InetAddressResolver` initialization code.
>
> `tier1` to `tier3` tests show no relevant failures.

Should we clean up the comment in `InetAddressCachePolicy.checkValue()` which says:

    /*
     * If malicious code gets a hold of this method, prevent
     * setting the cache policy to something laxer or some
     * invalid negative value.
     */

Perhaps change that comment to just say:

    // prevent setting the cache policy to something laxer
    // or some invalid negative value.

That private method currently throws a `SecurityException` if the value being updated is rejected. Should it throw some other exception instead?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/22376#issuecomment-2500213746