The idea of having different declarative security realms is fine but it's not wh... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		_old_dude_ on Dec 12, 2021 \| parent \| context \| favorite \| on: CISA Director on Log4j Vulnerability The idea of having different declarative security realms is fine but it's not what the Java Security Manager is. The Java Security Manager is an API that allows to intercept and run codes, so devs use it as a Trojan Horse to patch code instead of fixing the root of the issue. The Java Security Manager should die.

nl on Dec 13, 2021 | [–]

> The idea of having different declarative security realms is fine but it's not what the Java Security Manager is.

But.. it is?

The JVM tracks where bytecode was loaded from, and then you can define a policy to limit what that code can do.

Here's an example giving read-only access to /etc

https://access.redhat.com/documentation/en-us/red_hat_jboss_...

vitus on Dec 12, 2021 | [–]

Good news, it is going to die.

https://openjdk.java.net/jeps/411

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact