--- old/src/share/classes/java/util/logging/ConsoleHandler.java	2013-12-08 19:34:47.432002898 +0100
+++ new/src/share/classes/java/util/logging/ConsoleHandler.java	2013-12-08 19:34:47.314004981 +0100
@@ -96,10 +96,10 @@
      *
      */
     public ConsoleHandler() {
-        sealed = false;
-        configure();
-        setOutputStream(System.err);
-        sealed = true;
+        doWithControlPermission(() -> {
+            configure();
+            setOutputStream(System.err);
+        });
     }
 
     /**
--- old/src/share/classes/java/util/logging/Handler.java	2013-12-08 19:34:47.731997602 +0100
+++ new/src/share/classes/java/util/logging/Handler.java	2013-12-08 19:34:47.614999667 +0100
@@ -27,6 +27,9 @@
 package java.util.logging;
 
 import java.io.UnsupportedEncodingException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
 /**
  * A <tt>Handler</tt> object takes log messages from a <tt>Logger</tt> and
  * exports them.  It might for example, write them to a console
@@ -62,10 +65,6 @@
     private volatile ErrorManager errorManager = new ErrorManager();
     private volatile String encoding;
 
-    // Package private support for security checking.  When sealed
-    // is true, we access check updates to the class.
-    boolean sealed = true;
-
     /**
      * Default constructor.  The resulting <tt>Handler</tt> has a log
      * level of <tt>Level.ALL</tt>, no <tt>Formatter</tt>, and no
@@ -302,12 +301,20 @@
     }
 
     // Package-private support method for security checks.
-    // If "sealed" is true, we check that the caller has
-    // appropriate security privileges to update Handler
-    // state and if not throw a SecurityException.
+    // We check that the caller has appropriate security privileges
+    // to update Handler state and if not throw a SecurityException.
     void checkPermission() throws SecurityException {
-        if (sealed) {
-            manager.checkPermission();
-        }
+        manager.checkPermission();
+    }
+
+    // Package-private support for executing actions with additional
+    // LoggingPermission("control", null) permission.
+    interface PrivilegedVoidAction extends PrivilegedAction<Void> {
+        default Void run() { runVoid(); return null; }
+        void runVoid();
+    }
+
+    void doWithControlPermission(PrivilegedVoidAction action) {
+        AccessController.doPrivileged(action, null, LogManager.controlPermission);
     }
 }
--- old/src/share/classes/java/util/logging/LogManager.java	2013-12-08 19:34:48.115990823 +0100
+++ new/src/share/classes/java/util/logging/LogManager.java	2013-12-08 19:34:47.996992924 +0100
@@ -1557,7 +1557,7 @@
         loadLoggerHandlers(rootLogger, null, "handlers");
     }
 
-    private final Permission controlPermission = new LoggingPermission("control", null);
+    static final Permission controlPermission = new LoggingPermission("control", null);
 
     void checkPermission() {
         SecurityManager sm = System.getSecurityManager();
--- old/src/share/classes/java/util/logging/MemoryHandler.java	2013-12-08 19:34:48.499984044 +0100
+++ new/src/share/classes/java/util/logging/MemoryHandler.java	2013-12-08 19:34:48.382986110 +0100
@@ -116,9 +116,7 @@
      * <tt>LogManager</tt> configuration properties.
      */
     public MemoryHandler() {
-        sealed = false;
-        configure();
-        sealed = true;
+        doWithControlPermission(this::configure);
 
         LogManager manager = LogManager.getLogManager();
         String handlerName = getClass().getName();
@@ -164,9 +162,7 @@
         if (size <= 0) {
             throw new IllegalArgumentException();
         }
-        sealed = false;
-        configure();
-        sealed = true;
+        doWithControlPermission(this::configure);
         this.target = target;
         this.pushLevel = pushLevel;
         this.size = size;
--- old/src/share/classes/java/util/logging/SocketHandler.java	2013-12-08 19:34:48.810978554 +0100
+++ new/src/share/classes/java/util/logging/SocketHandler.java	2013-12-08 19:34:48.688980708 +0100
@@ -118,16 +118,19 @@
      */
     public SocketHandler() throws IOException {
         // We are going to use the logging defaults.
-        sealed = false;
-        configure();
-
         try {
-            connect();
-        } catch (IOException ix) {
+            doWithControlPermission(() -> {
+                configure();
+                try {
+                    connect();
+                } catch (IOException ioe) {
+                    throw new UncheckedIOException(ioe);
+                }
+            });
+        } catch (UncheckedIOException uioe) {
             System.err.println("SocketHandler: connect failed to " + host + ":" + port);
-            throw ix;
+            throw uioe.getCause();
         }
-        sealed = true;
     }
 
     /**
@@ -146,9 +149,7 @@
      *         host and port.
      */
     public SocketHandler(String host, int port) throws IOException {
-        sealed = false;
-        configure();
-        sealed = true;
+        doWithControlPermission(this::configure);
         this.port = port;
         this.host = host;
         connect();
--- old/src/share/classes/java/util/logging/StreamHandler.java	2013-12-08 19:34:49.117973135 +0100
+++ new/src/share/classes/java/util/logging/StreamHandler.java	2013-12-08 19:34:49.001975182 +0100
@@ -103,9 +103,7 @@
      * Create a <tt>StreamHandler</tt>, with no current output stream.
      */
     public StreamHandler() {
-        sealed = false;
-        configure();
-        sealed = true;
+        doWithControlPermission(this::configure);
     }
 
     /**
@@ -116,11 +114,11 @@
      * @param formatter   Formatter to be used to format output
      */
     public StreamHandler(OutputStream out, Formatter formatter) {
-        sealed = false;
-        configure();
-        setFormatter(formatter);
-        setOutputStream(out);
-        sealed = true;
+        doWithControlPermission(() -> {
+            configure();
+            setFormatter(formatter);
+            setOutputStream(out);
+        });
     }
 
     /**