From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31490 invoked by alias); 21 Nov 2005 16:58:15 -0000 Received: (qmail 31483 invoked by uid 22791); 21 Nov 2005 16:58:14 -0000 X-Spam-Check-By: sourceware.org Received: from gbenson.demon.co.uk (HELO gbenson.demon.co.uk) (80.177.220.214) by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 21 Nov 2005 16:58:12 +0000 Received: from slippy.wire.rat ([192.168.1.1]) by gbenson.demon.co.uk with esmtp (Exim 3.36 #1) id 1EeEza-0004Ma-00 for mauve-discuss@sources.redhat.com; Mon, 21 Nov 2005 16:58:10 +0000 Received: from slippy.wire.rat (localhost.localdomain [127.0.0.1]) by slippy.wire.rat (8.13.1/8.13.1) with ESMTP id jALGw9vS013581 for ; Mon, 21 Nov 2005 16:58:09 GMT Received: (from gary@localhost) by slippy.wire.rat (8.13.1/8.13.1/Submit) id jALGw9d3013580 for mauve-discuss@sources.redhat.com; Mon, 21 Nov 2005 16:58:09 GMT Date: Mon, 21 Nov 2005 16:58:00 -0000 From: Gary Benson To: mauve-discuss@sources.redhat.com Subject: SecurityException throwpoint audit Message-ID: <20051121165809.GB12340@redhat.com> Mail-Followup-To: mauve-discuss@sources.redhat.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-IsSubscribed: yes Mailing-List: contact mauve-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: mauve-discuss-owner@sourceware.org X-SW-Source: 2005-q4/txt/msg00035.txt.bz2 Hi all, I've been trying to work out how to test that permissions are checked at every point they ought to be. There's a table of every such point here: http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#PermsAndMethods Some of these already have tests, but most probably do not. Before I start creating tests I'm thinking that we need some way to correlate mauve tests with the throwpoints on this (and future) lists. How would people feel if I numbered the throwpoints on the above list and noted them in their corresponding tests in some easily parsable form (probably in comments like Tags are already). That way whether a throwpoint is tested (and the location of the test) can be found with a simple grep. For simplicity I'd probably number the 1.4.2 list from 1-whatever. Checks added in 1.5 can be added at the end of the list. It would be convenient if we made a version of the above list annotated with the throwpoint numbers, but obviously such a thing could not be distributed. It should be possible to write a script that would download and annotate the list for local use. Does this sound reasonable? Cheers, Gary