On Fri, 8 Sep 2023 08:26:16 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
> There are some remaining places in 'general' JDK code (= code not related to > e.g. a specific tool) getting properties like : > > osName = System.getProperty(os.name) > > https://github.com/openjdk/jdk/blob/master/src/java.management/share/classes/sun/management/VMManagementImpl.java#L225 > > https://github.com/openjdk/jdk/blob/master/src/java.desktop/share/classes/sun/awt/FontConfiguration.java#L134 > > Those should be a PrivilegedAction . Many of the methods defined by RuntimeMXBea are specified to throw SecurityException if the SM denies reading the property. It looks like the changes to VMManagementImpl will break that. It's not clear from the bug report if there is a bug here or not. I think the starting point needs to be a test that runs with a SM set and demonstrates an exported API throwing a security exception when it is not specified to do so. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15629#issuecomment-1711327123
