3

I'm curious if it's possible to restrict who can write to System.out/System.err using a SecurityManager. Looking at System.java this doesn't appear to be possible out of the box, but perhaps there's another layer I haven't looked at?

If it's not possible out of the box, is there a reasonable pattern for implementing a custom security check using System.setOut()/System.setErr()?

dimo414
  • 47,227
  • 18
  • 148
  • 244
  • No but you can require the `RuntimePermission("setIO")` to call `setOut()/setErr()`, as stated in the Javadoc. – user207421 Jun 26 '20 at 00:46
  • @MarquisofLorne that's sort of the opposite problem. Certainly if you wanted to lock down stdout/stderr you'd want to restrict that too, but the default stdout/stderr permits any caller, which isn't desirable in this circumstance. – dimo414 Jul 01 '20 at 02:31
  • Create your own delegating `PrintStream` which does check the if the caller has some specific permission. – Johannes Kuhn Dec 16 '20 at 13:44

0 Answers0