You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4j-dev@logging.apache.org by "Matt Sicker (JIRA)" <ji...@apache.org> on 2016/03/08 21:14:40 UTC
[jira] [Commented] (LOG4J2-633) Need to check permissions when
registering shutdown hooks and obtaining classloaders
[ https://issues.apache.org/jira/browse/LOG4J2-633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185692#comment-15185692 ]
Matt Sicker commented on LOG4J2-633:
------------------------------------
Looks like this should be added to DefaultShutdownCallbackRegistry which means we might need a fallback no-op registry for when we can't do anything due to permission issues.
> Need to check permissions when registering shutdown hooks and obtaining classloaders
> ------------------------------------------------------------------------------------
>
> Key: LOG4J2-633
> URL: https://issues.apache.org/jira/browse/LOG4J2-633
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.0-rc1
> Reporter: Ralph Goers
>
> http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html documents what operations require RuntimePermission checks. Log4j 2 doesn't check these in a lot of cases.
> Log4j should check the permissions but do so in a manner that doesn't significantly impact performance. For example, registering shutdown hooks is infrequent and so the overhead is minimal while calls to obtain a Classloader are done much more frequently and so the permission checks need to be minimized.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org