Re: Security permissions are skipped when Xbootclasspath is used

schemers@Eng
Wed, 27 Jan 1999 11:28:29 -0800 (PST)

Date: Wed, 27 Jan 1999 11:28:29 -0800 (PST)
From: schemers@Eng
To: "Purushottam Goel" <GPURUSHOTTAM@novell.com>
Subject: Re: Security permissions are skipped when Xbootclasspath is used
In-Reply-To: <s6aea7fd.014@prv-mail20.provo.novell.com>

Purushottam Goel writes:
> Hi...
>
> We noted an inconsistency while using java -Xbootclasspath.... The security / permissions are skipped when this option is used, i.e., a method which would normally be disallowed is allowed when this option is given, i.e. access control is skipped.
>
> So, potentially, this is a hole - all one needs to do is give the normal classpath along with this option, and subvert the entire Access Control mechanism.
>
> Is this a known problem or am I missing something?
>

This is not a problem, simply the way things work. Classes loaded
off the bootclasspath (note that -X options are unsupported) get loaded
by the system class loader and have all permissions granted to them.
The bootclasspath defaults to only including rt.jar and
i18n.jar. Anything loaded via the supported classpath option (which
is where all application classes should be loaded) will have a domain
and get assigned whatever permissions are specified in the policy.

Note that in JDK 1.1.x anything on classpath was treated as system
code and had all permissions. JDK 1.2 takes a big step forward in
cleaning up this situation.

The person launching java obviously already has complete access to a system,
so I'm not sure why they would want to subvert the access control
mechanism by putting evil classes on the bootclasspath.

roland
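
A launch-line check that follows from the reply above, as an added example that is not part of the original message: it flags boot class path entries other than the rt.jar and i18n.jar defaults named in the reply, since code in those entries bypasses the policy. The sample command lines are constructed, and the Unix ":" separator and basename matching are assumptions.

```python
import shlex

# Default boot class path archives named in the message (JDK 1.2).
DEFAULT_BOOT_JARS = {"rt.jar", "i18n.jar"}
BOOT_FLAG = "-Xbootclasspath"

def jvm_options(argv):
    """Yield JVM options only, stopping at the main class or -jar target."""
    args = iter(argv[1:])              # argv[0] is the java launcher
    for arg in args:
        if arg in ("-cp", "-classpath"):
            next(args, None)           # skip the class path value
        elif arg == "-jar" or not arg.startswith("-"):
            return                     # the rest are application arguments
        else:
            yield arg

def audit(cmdline, sep=":"):
    """Return (mode, entry) for boot class path entries beyond the defaults.

    mode is "replace" for -Xbootclasspath:, "a" or "p" for the /a: and /p:
    forms. Classes in these entries run with all permissions, whatever the
    policy file says. sep=":" assumes Unix-style path lists.
    """
    extras = []
    for opt in jvm_options(shlex.split(cmdline)):
        if not opt.startswith(BOOT_FLAG):
            continue
        head, _, paths = opt[len(BOOT_FLAG):].partition(":")
        mode = head.lstrip("/") or "replace"
        for entry in filter(None, paths.split(sep)):
            # Basename match is a simplification; a real check pins full paths.
            if entry.rsplit("/", 1)[-1] not in DEFAULT_BOOT_JARS:
                extras.append((mode, entry))
    return extras

# Constructed sample launch lines (not taken from any real system).
SAMPLES = [
    "java -cp app.jar com.example.Main",
    "java -Xbootclasspath:/opt/jdk/lib/rt.jar:/opt/jdk/lib/i18n.jar:/home/u/classes Main",
    "java -Xbootclasspath/a:/tmp/helper.jar -Djava.security.manager -jar app.jar",
    "java -cp app.jar com.example.Main -Xbootclasspath/a:/tmp/ignored.jar",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line) or "ok", "<-", line)
```

The last sample returns nothing because the option appears after the main class, where it is an application argument rather than a JVM option.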