Usage of System.getProperty() vs. SystemProperties.getProperty()

Tom Tromey wrote:
>>>>>>"Gary" == Gary Benson <gbenson@xxxxxxxxxx> writes:
> 
> 
>>>The reason there is still a lot of code that uses System.getProperty()
>>>is either historical (i.e. SystemProperties was introduced after
>>>that code was written) or because the author was unaware of
>>>SystemProperties.  We've not been as careful about this as we maybe
>>>should be.
> 
> 
> Gary> The Mauve tests I am writing should cover every method that's
> Gary> documented as performing security tests on a property, so don't
> Gary> worry about accidentally writing something insecure: I ought to
> Gary> catch it in the next few weeks.
> 
> I think the issue here is what happens when some random piece of
> Classpath is run in an environment with a security manager.  In this
> case, the theory goes, we could get security failures where they ought
> not occur.  So, we end up using SystemProperties and PrivilegedAction
> all over the place...
> 
> IOW the security tests are testing that we properly call the security
> manager in every place we're required to.  This is great and
> definitely necessary.  But, it won't catch this failure mode, which is
> that we're calling the security manager, and being rejected, when that
> ought not to happen.
> 

So what should happen in a class like 
gnu/java/net/protocol/http/HTTPConnection when we have to read properties?

Should it use SystemProperties or PrivilegedAction?  And is the answer 
documented anywhere?

David Daney.
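
The failure mode discussed in this thread (a property read inside library code being rejected because of an unprivileged caller) can be reproduced with standard JDK classes only. The following is an added example, not part of the original message and not GNU Classpath code; the class and method names are hypothetical, the policy and property key are constructed, and it assumes a JDK on which the Security Manager can still be installed (JDK 17 or earlier).

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class PropertyReadDemo {
    // Hypothetical library method: a plain read, so the permission check
    // covers every caller on the stack, trusted or not.
    static String readDirect(String key) {
        return System.getProperty(key);
    }

    // Hypothetical library method: the read runs in a PrivilegedAction, so the
    // stack walk stops here and only this class's own permissions are checked.
    static String readPrivileged(final String key) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    // Runs the action as if it were called from code holding no permissions.
    static String asUntrustedCaller(PrivilegedAction<String> action) {
        ProtectionDomain none = new ProtectionDomain(null, new Permissions());
        AccessControlContext ctx =
            new AccessControlContext(new ProtectionDomain[] { none });
        try {
            return AccessController.doPrivileged(action, ctx);
        } catch (SecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed policy: normally loaded code (this class) is fully trusted.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        String key = "user.home"; // constructed sample key
        // Direct read: the unprivileged caller on the stack causes a rejection.
        System.out.println(asUntrustedCaller(() -> readDirect(key)));
        // Privileged read: succeeds although the same caller is on the stack.
        System.out.println(asUntrustedCaller(() -> readPrivileged(key)));
    }
}
```

A test that only asserts "the security manager was consulted" passes for both methods; only a test that runs the library under a restricted caller separates them.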

