
[Gcjwebplugin-devel] Re: [patch] Enable security manager by default, an


From: Petter Reinholdtsen
Subject: [Gcjwebplugin-devel] Re: [patch] Enable security manager by default, and make hidden switch to disable it
Date: Wed, 5 Apr 2006 22:15:27 +0200
User-agent: Mutt/1.5.10i

[Petter Reinholdtsen]
> As discussed with Thomas Fitzsimmons on #classpath, here is a patch
> to enable the Security Manager by default, and make it possible to
> disable it using an environment variable.

As discussed on IRC, here is a new patch, which makes the effect of this
environment variable depend on a compile-time configure flag.

Index: configure.ac
===================================================================
RCS file: /sources/gcjwebplugin/gcjwebplugin/configure.ac,v
retrieving revision 1.57
diff -u -3 -p -r1.57 configure.ac
--- configure.ac        30 Mar 2006 04:30:14 -0000      1.57
+++ configure.ac        5 Apr 2006 20:13:27 -0000
@@ -48,6 +48,17 @@ AC_ARG_ENABLE([native-viewer],
                              [disable building of native viewer (enabled by 
default)])],
              [enable_native_viewer=no],[enable_native_viewer=yes])
 
+AC_ARG_ENABLE([appletviewer-security],
+              [AS_HELP_STRING([--disable-appletviewer-security]
+                             [make it possible to disable the security manager 
(disabled by default)])],
+[if test "x$enableval" = xyes; then
+   enforceSecurity=true
+else
+   enforceSecurity=false
+fi],
+[enforceSecurity=true])
+AC_SUBST(enforceSecurity)
+
 dnl Build native viewer if GCJ is present, if --disable-native-viewer
 dnl was not specified and if --with-java was not specified with a JVM
 dnl argument other than gij.
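Review bot: The `if test "x$enableval" = xyes` branch in the new AC_ARG_ENABLE block fails open: any explicit value other than `yes` (for example `--enable-appletviewer-security=true`) falls into the else branch and sets `enforceSecurity=false`. Test for the opt-out instead, `if test "x$enableval" = xno; then enforceSecurity=false; else enforceSecurity=true; fi`, so that only an explicit `--disable-appletviewer-security` makes the override available. The help text "(disabled by default)" reads as if security were off by default; `[allow MAKE_GCJAPPLETVIEWER_INSECURE to turn off the applet security manager (not allowed by default)]` says what the flag does. There also appears to be no comma between the two AS_HELP_STRING arguments, although the mail wrapping may hide it.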
Index: src/gnu/gcjwebplugin/AppletViewer.java
===================================================================
RCS file: 
/sources/gcjwebplugin/gcjwebplugin/src/gnu/gcjwebplugin/AppletViewer.java,v
retrieving revision 1.42
diff -u -3 -p -r1.42 AppletViewer.java
--- src/gnu/gcjwebplugin/AppletViewer.java      5 Apr 2006 19:45:44 -0000       
1.42
+++ src/gnu/gcjwebplugin/AppletViewer.java      5 Apr 2006 20:13:27 -0000
@@ -38,6 +38,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.util.Properties;
 
 
 class AppletViewer
@@ -122,6 +123,12 @@ class AppletViewer
     System.exit(status);
   }
 
+  public static Properties getEnvironment() throws java.io.IOException {
+    Properties env = new Properties();
+    env.load(Runtime.getRuntime().exec("env").getInputStream());
+    return env;
+  }
+
   /**
    * The main method starting the applet viewer.
    *
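Review bot: `getEnvironment()` derives a security decision from the output of an external `env` program found through PATH, and parses that output with `Properties.load`, which applies its own escape and line-continuation rules, so values containing backslashes or newlines will not come through unchanged. The process's input stream is never closed and the child is never waited on. If the target runtime provides it, `System.getenv("MAKE_GCJAPPLETVIEWER_INSECURE")` reads the one variable directly with no subprocess; whether it is available there is not visible from this patch. If the subprocess has to stay, make the helper `private`, close the stream in a `finally` block, and add a comment explaining why `env` is spawned.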
@@ -208,6 +215,22 @@ class AppletViewer
     boolean heightGiven = false;
     boolean pluginMode = false;
     boolean verbose = false;
+    boolean secure = true;
+
+    /*
+     * Hidden option MAKE_GCJAPPLETVIEWER_INSECURE=true for testers
+     * willing to ignore the security problems to be able to test the
+     * class library.  Enabled using the
+     * --disable-appletviewer-security configure option, and disabled
+     * by default.  It should be removed when the GNU Classpath
+     * security manager system is working properly. [pere 2006-04-05]
+     */
+    if (!Configuration.enforceSecurity) {
+      Properties env = getEnvironment();
+      if (null != env.getProperty("MAKE_GCJAPPLETVIEWER_INSECURE")
+         && env.getProperty("MAKE_GCJAPPLETVIEWER_INSECURE").equals("true"))
+       secure = false;
+    }
 
     // This loop parses the command line, placing all option arguments
     // at the start of args, all non-options at the end, and setting
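Review bot: When the override fires, `secure = false` is set silently, so a user whose inherited environment happens to contain MAKE_GCJAPPLETVIEWER_INSECURE=true runs applets without the security manager and gets no indication of it. Brace the inner `if` and add `System.err.println("gcjappletviewer: security manager disabled by MAKE_GCJAPPLETVIEWER_INSECURE");` next to the assignment. The double lookup can be collapsed to `"true".equals(env.getProperty("MAKE_GCJAPPLETVIEWER_INSECURE"))`. In the block comment, "Enabled using ... and disabled by default" would be clearer as "Only honoured when built with --disable-appletviewer-security". The body of main starts and ends outside this hunk.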
@@ -267,7 +290,8 @@ class AppletViewer
     if (dimensions.width < 0)
       dimensions.width = (int) (1.6 * dimensions.height);
 
-    //System.setSecurityManager(new AppletSecurityManager(pluginMode));
+    if (secure)
+       System.setSecurityManager(new AppletSecurityManager(pluginMode));
     
     if (pluginMode)
       {
Index: src/gnu/gcjwebplugin/Configuration.java.in
===================================================================
RCS file: 
/sources/gcjwebplugin/gcjwebplugin/src/gnu/gcjwebplugin/Configuration.java.in,v
retrieving revision 1.1
diff -u -3 -p -r1.1 Configuration.java.in
--- src/gnu/gcjwebplugin/Configuration.java.in  14 Mar 2004 11:10:59 -0000      
1.1
+++ src/gnu/gcjwebplugin/Configuration.java.in  5 Apr 2006 20:13:27 -0000
@@ -32,4 +32,5 @@ public interface Configuration
    * configure.ac.
    */
   String VERSION = "@VERSION@";
+  boolean enforceSecurity = @enforceSecurity@;
 }
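Review bot: The new `enforceSecurity` field has no Javadoc and does not follow the naming of `VERSION` directly above it. Interface fields are implicitly `public static final`, so `ENFORCE_SECURITY` would match, with the reference in AppletViewer.java renamed to suit. A comment such as `/** False only when configured with --disable-appletviewer-security; then MAKE_GCJAPPLETVIEWER_INSECURE=true can turn off the security manager. */` records what the value controls. As a compile-time constant it is likely inlined into AppletViewer.class, so both classes need rebuilding after a reconfigure.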



