On Tue, 9 Jan 2024 10:46:27 GMT, Raffaello Giulietti <rgiulie...@openjdk.org> wrote:
>> src/java.base/share/classes/java/io/SerializationMisdeclarationChecker.java >> line 70: >> >>> 68: privilegedCheckAccessibleMethod(cl, WRITE_REPLACE_NAME, >>> 69: WRITE_REPLACE_PARAM_TYPES, Object.class); >>> 70: privilegedCheckAccessibleMethod(cl, READ_RESOLVE_NAME, >> >> Thinking ahead to when the security manager is removed, can the code that >> needs private access to field values (SUID) be more narrowly accessed? >> Perhaps switch to using a VarHandle and MethodHandles.Lookup. This may be a >> longer term issue and beyond the scope of this PR. >> >> In the naming of the `PrivilegedXXX` methods, I would drop the "privileged" >> part of the name. >> The methods do not change the privilege level and operate correctly if when >> the caller has the privileges needed. And all of these methods are read-only >> so there is no/little risk in their implementations and avoid refitting the >> terminology later. > > They are called `privilegedXXX` because they _are_ (already) privileged, not > because they change the privileges. > > But yes, in view of removing the security manager, the implementation could > be more "modern". Will have a look. > https://github.com/openjdk/jdk/pull/17129/commits/ff1b7068bd902f3030267afbc468e3244c944604 Thanks - that looks much cleaner. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/17129#discussion_r1447617134
