commons-issues mailing list archives

From "Matthew P. Del Buono (JIRA)" <j...@apache.org>
Subject [jira] Commented: (LOGGING-130) Potential missing privileged block for class loader
Date Wed, 06 May 2009 04:46:30 GMT

    [ https://issues.apache.org/jira/browse/LOGGING-130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12706299#action_12706299 ]

Matthew P. Del Buono commented on LOGGING-130:
----------------------------------------------

I should clarify, the reason for the "tainted execution path" is due to the fact that the
caller of HttpClient.<clinit> (hidden by "... 11 more") is untrusted (non-apache) code
which I am trying to sandbox. None of the code in org.apache.** nor com.mmoui.manager.** nor
java.** can contribute to this concept of "taint." 

> Potential missing privileged block for class loader
> ---------------------------------------------------
>
>                 Key: LOGGING-130
>                 URL: https://issues.apache.org/jira/browse/LOGGING-130
>             Project: Commons Logging
>          Issue Type: Bug
>    Affects Versions: 1.1.1
>         Environment: Windows 7 under Sun JRE 6 Update 13, 64-bit
> Running Commons HttpClient 3.1 w/ Commons Logging 1.1.1
>            Reporter: Matthew P. Del Buono
>
> When attempting to instantiate a HttpClient, a call to LogFactory.getLog() is made. Going deeper, Commons Logging later attempts to make an unprivileged call to java.lang.ClassLoader.getParent(). Under systems with an installed SecurityManager (like mine), this may be forbidden.
> In particular, this call will require the RuntimePermission getClassLoader. In my particular case, I am attempting to sandbox specific segments of code, and thus cannot grant this permission to the user of HttpClient (and, thus, Commons Logging). However, I feel that Commons Logging should be able to trust itself to make a self-checked call to ClassLoader.getParent().
> The stack trace for my situation (trimmed off to assist you) is as follows:
> Caused by: org.apache.commons.logging.LogConfigurationException: java.lang.SecurityException: Cannot request this permission from a tainted execution path (Caused by java.lang.SecurityException: Cannot request this permission from a tainted execution path)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:637)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
> 	at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
> 	at org.apache.commons.httpclient.HttpClient.<clinit>(HttpClient.java:66)
> 	... 11 more
> Caused by: java.lang.SecurityException: Cannot request this permission from a tainted execution path
> 	at com.mmoui.manager.MinionSecurityManager.verifyUntainted(MinionSecurityManager.java:507)
> 	at com.mmoui.manager.MinionSecurityManager.checkPermission(MinionSecurityManager.java:263)
> 	at com.mmoui.manager.MinionSecurityManager.checkPermission(MinionSecurityManager.java:474)
> 	at java.lang.ClassLoader.getParent(ClassLoader.java:1233)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.getLowestClassLoader(LogFactoryImpl.java:1327)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.getBaseClassLoader(LogFactoryImpl.java:1247)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.createLogFromClass(LogFactoryImpl.java:1048)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:914)
> 	at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
> 	... 15 more
> I feel that LogFactoryImpl.getLowestClassLoader's call to java.lang.ClassLoader.getParent() should be wrapped by AccessController.doPrivileged(). I can't think of any reason not to do this currently. This would allow my application to trust Commons Logging and not have to grant the RuntimePermission getClassLoader to the users of HttpClient.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
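
The kind of wrapper the report asks for, as an added example that is not code from Commons Logging or from the reporter. The class and method names are hypothetical, and it assumes the pre-Java 17 SecurityManager/AccessController API that the reporter's JRE 6 environment provides.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

public final class PrivilegedParentLookup {

    // Hypothetical helper (name is an assumption, not the project's API).
    // Reads loader.getParent() inside a privileged block, so the permission
    // check stops at this class's protection domain: only this library needs
    // RuntimePermission "getClassLoader", not every caller on the stack.
    // Kept package-private so untrusted code cannot use it to obtain loaders.
    static ClassLoader getParentPrivileged(final ClassLoader loader) {
        if (loader == null) {
            return null; // bootstrap loader: nothing above it
        }
        try {
            return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
                public ClassLoader run() {
                    return loader.getParent();
                }
            });
        } catch (SecurityException e) {
            // The library itself was not granted the permission: treat the
            // parent as unknown instead of failing logger discovery.
            return null;
        }
    }

    // True if 'ancestor' is 'loader' itself or appears on its parent chain.
    // Returns only a boolean, so no ClassLoader reference leaks to the caller.
    static boolean isAncestorOrSelf(ClassLoader ancestor, ClassLoader loader) {
        for (ClassLoader c = loader; c != null; c = getParentPrivileged(c)) {
            if (c == ancestor) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        ClassLoader app = PrivilegedParentLookup.class.getClassLoader();
        ClassLoader parent = getParentPrivileged(app);
        System.out.println("parent of " + app + " = " + parent);
        System.out.println("app is on its own chain: " + isAncestorOrSelf(app, app));
    }
}
```

The privileged block only helps when the installed SecurityManager honours it, as the default `AccessController.checkPermission` stack walk does; a custom manager that inspects the call stack itself has to stop at privileged frames too.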