views:

20

answers:

1

I saw that to show a JOptionPane message dialog I need the shutdownHooks permition. What does it do? And what's the possible risk of give this permission to third party code?

+1  A: 

A shutdown hook is code that will be run by the VM before it exits (after all of the non-daemon threads have completed). That permission allows code to register one of these hooks (or unregister existing hooks) with the VM. The documentation lists the potential risks as "This allows an attacker to register a malicious shutdown hook that interferes with the clean shutdown of the virtual machine." (taken from the official documentation). Basically code would be able to disrupt the normal termination of the VM. Some possible examples are causing it to exit with a return code other than what it would normally or causing the VM to hang and not shutdown at all. That said I don't think there are a great deal of risks outside of those that normally running code would pose, and shutdown hooks are still be subject to the SecurityManager.

M. Jessup