[concurrency-interest] ThreadPoolExecutor.shutdown() and permission

Remi Forax forax at univ-mlv.fr
Wed Oct 19 12:00:49 EDT 2005


David Holmes wrote:

>Remi,
>
>>In ThreadPoolExecutor.shutdown(), if I have correctly understood the
>>documentation, the code first checks if permission "modifyThread"
>>is granted and then, for each worker thread, checks checkAccess.
>>
>>Why, in order to check permission "modifyThread",
>>do you use AccessController.checkPermission() and not
>>securityManager.checkPermission()?
>
>Only AccessController.checkPermission guarantees that you actually check if
>you have the permission. This class can't be modified by the application.
>
>The SecurityManager.checkAccess could do anything it wants even ignoring the
>installed security policy.
>
Yes, I agree with you, but if the security manager wants to ignore the
policy, it's not the responsibility of shutdown() to care about such a detail.

By doing this in shutdown(), you break the general security architecture of
Java.
Perhaps for you this code is more secure, but if additional security
checks are implemented by the security manager, these tests are bypassed.
So this code can be considered less secure.

>So to perform shutdown() you have to have the global modifyThread
>permission, and for each worker thread the SecurityManager's checkAccess
>must succeed.
>
>David Holmes
>
Rémi Forax
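
The difference between the two checks discussed in this thread, as an added example that is not part of the original message or of the java.util.concurrent sources. StrictManager, PermissivePolicy and allowed() are hypothetical names; the manager is called directly instead of being installed, and the code assumes a JDK on which the Security Manager APIs still function (JDK 17 or earlier).

```java
import java.security.AccessController;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class ModifyThreadCheckDemo {
    static final Permission MODIFY_THREAD = new RuntimePermission("modifyThread");

    // Hypothetical manager that adds a rule on top of the policy:
    // it refuses modifyThread even when the policy grants it.
    static class StrictManager extends SecurityManager {
        @Override
        public void checkPermission(Permission p) {
            if (MODIFY_THREAD.implies(p)) {
                throw new SecurityException("StrictManager: modifyThread refused");
            }
            // Default behaviour: delegates to AccessController.checkPermission(p).
            super.checkPermission(p);
        }
    }

    // Constructed policy for the demo: grants every permission to every domain.
    static class PermissivePolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain domain, Permission p) {
            return true;
        }
    }

    // Runs a check and reports whether it passed.
    static boolean allowed(Runnable check) {
        try {
            check.run();
            return true;
        } catch (SecurityException e) { // AccessControlException is a subclass
            return false;
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new PermissivePolicy());
        SecurityManager sm = new StrictManager(); // not installed, called directly

        // Policy-only check: StrictManager's override is never consulted.
        System.out.println("AccessController.checkPermission allowed: "
                + allowed(() -> AccessController.checkPermission(MODIFY_THREAD)));
        // Manager check: the manager's extra rule is applied before the policy.
        System.out.println("SecurityManager.checkPermission allowed:  "
                + allowed(() -> sm.checkPermission(MODIFY_THREAD)));
    }
}
```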