harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yuri Dolgov (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-2163) [classlib][security] Changing system property java.home may cause incorrect initialization of java.security.Security class
Date Mon, 13 Nov 2006 10:54:39 GMT
[classlib][security] Changing system property java.home may cause incorrect initialization
of java.security.Security class
--------------------------------------------------------------------------------------------------------------------------

                 Key: HARMONY-2163
                 URL: http://issues.apache.org/jira/browse/HARMONY-2163
             Project: Harmony
          Issue Type: Bug
          Components: Classlib
            Reporter: Yuri Dolgov


Problem details: 

Changing java.home system property causes incorrect initialization of java.security.Security
class. During the class initialization 'java.security' file is read. The file is located with
java.home system property. Changing java.home system property before Security class initilaization
results in impossibility to locate correct 'java.security' file. That leads to problems with
loading providers (see test below). Also there is possibility to load malicious 'java.security'
file.

 

The following test reproduces the issue:

 

Test.java

 

import java.security.MessageDigest;

public class Test {

    public static void main (String[] args) {

        try {

            System.setProperty("java.home", "foo/path");

            MessageDigest md = MessageDigest.getInstance("SHA-1");

        } catch (Exception e) {

            e.printStackTrace();

        }

    }

}


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message