On Fri, 2006-01-27 at 13:50 +0000, Gary Benson wrote:
> Andrew Haley wrote:
> > Gary Benson writes:
> > > Hi all,
> > >
> > > Each time you execute a file with Runtime.exec() a VMProcess
> > > is created. The first time one of these is created it creates
> > > a thread and calls its setDaemon() method which (eventually)
> > > checks RuntimePermission("modifyThread").
> > >
> > > I guess there should be a doPrivileged() in here somewhere, but
> > > where?
> >
> > I guess I don't understand the real problem. Would it not make
> > sense simply to wrap the
> >
> > if (processThread == null)
> > {
> > processThread = new ProcessThread();
> > processThread.setDaemon(true);
> > processThread.start();
> > }
> >
> > in a doPrivileged ?
>
> That's where I was thinking. Is there (or should there be) something
> that protects these VM* classes from being used by non-Classpath code?
And that seems indeed the right place to add the doPriviliged() block.
VM* classes are "protected" from being used directly by non-Classpath
code because they are package private. They should only be called after
the public (non-VM) code has done the appropriate runtime checks. If
that is done correctly then any (reference) code in the VMClass that
needs any other permissions (like in this case) needs to do that inside
a PrivilegedAction.
Cheers,
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://developer.classpath.org/pipermail/classpath/attachments/20060129/88f1be92/attachment.pgp
