From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 13063 invoked by alias); 25 Nov 2005 00:02:02 -0000 Received: (qmail 13056 invoked by uid 22791); 25 Nov 2005 00:02:02 -0000 X-Spam-Check-By: sourceware.org Received: from wildebeest.demon.nl (HELO gnu.wildebeest.org) (83.160.152.237) by sourceware.org (qpsmtpd/0.31) with ESMTP; Fri, 25 Nov 2005 00:02:00 +0000 Received: from elsschot.wildebeest.org ([192.168.1.26]) by gnu.wildebeest.org with esmtp (Exim 3.36 #1 (Debian)) id 1EfR1x-0007eH-00; Fri, 25 Nov 2005 01:01:33 +0100 Subject: Re: SecurityException throwpoint audit From: Mark Wielaard To: Gary Benson Cc: mauve-discuss@sources.redhat.com In-Reply-To: <20051121165809.GB12340@redhat.com> References: <20051121165809.GB12340@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-VkwJmFUIz5HVKvkZwR8o" Date: Fri, 25 Nov 2005 00:02:00 -0000 Message-Id: <1132876894.5568.31.camel@localhost.localdomain> Mime-Version: 1.0 X-IsSubscribed: yes Mailing-List: contact mauve-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: mauve-discuss-owner@sourceware.org X-SW-Source: 2005-q4/txt/msg00038.txt.bz2 --=-VkwJmFUIz5HVKvkZwR8o Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Content-length: 1662 Hi Gary, On Mon, 2005-11-21 at 16:58 +0000, Gary Benson wrote: > I've been trying to work out how to test that permissions are checked > at every point they ought to be. There's a table of every such point > here: >=20 > http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#Per= msAndMethods I would not trust that list as the definite guide. I just looked for a random method (which I was just working on for GNU Classpath) Toolkit.getSystemSelection() and it was not listed. > Some of these already have tests, but most probably do not. Before I > start creating tests I'm thinking that we need some way to correlate > mauve tests with the throwpoints on this (and future) lists. >=20 > How would people feel if I numbered the throwpoints on the above list > and noted them in their corresponding tests in some easily parsable > form (probably in comments like Tags are already). That way whether a > throwpoint is tested (and the location of the test) can be found with > a simple grep. >=20 > For simplicity I'd probably number the 1.4.2 list from 1-whatever. > Checks added in 1.5 can be added at the end of the list. I don't really like the numbering. I would propose to actually name the tests with somewhat meaningful names. Something like __ for each Permission and class.method() needing to check for that permission. (example: AWTPermission_Toolkit_getSystemSelection) Or maybe have a directory per PermissionClassName. That is how jacks is setup. It follows the JLS, but it doesn't use the section numbers, but logical names of the sections that the tests are for. Cheers, Mark --=-VkwJmFUIz5HVKvkZwR8o Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-length: 189 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQBDhlRexVhZCJWr9QwRAsU1AJ9a58xaKIBsGbUd/9pOs5i3WmYejACgibzH RphW5MUIIFm1ZYXSc9CSWMA= =2GqL -----END PGP SIGNATURE----- --=-VkwJmFUIz5HVKvkZwR8o--