Security permissions are skipped when Xbootclasspath is used

Purushottam Goel (GPURUSHOTTAM@novell.com)
Wed, 27 Jan 1999 05:45:08 -0700

Message-Id: <s6aea7fd.014@prv-mail20.provo.novell.com>
Date: Wed, 27 Jan 1999 05:45:08 -0700
From: "Purushottam Goel" <GPURUSHOTTAM@novell.com>
To: <java-security@java.sun.com>, <jni@java.sun.com>,
Subject: Security permissions are skipped when Xbootclasspath is used

Hi...=20

We noted an inconsistency while using java -Xbootclasspath.... The =
security / permissions are skipped when this option is used. i.e, A =
method which would normally be disallowed, is allowed when this option is =
given. i.e. access control is skipped.

So, potentially, this a hole - all one needs to do is give the normal =
classpath along with this option, and subvert the entire Access Control =
mechanism.=20

Is this a known problem or am I missing something ?

Thanks,
Purushottam.