harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Ellison (JIRA)" <j...@apache.org>
Subject [jira] Closed: (HARMONY-2163) [classlib][security] Changing system property java.home may cause incorrect initialization of java.security.Security class
Date Mon, 04 Jun 2007 17:22:36 GMT

     [ https://issues.apache.org/jira/browse/HARMONY-2163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tim Ellison closed HARMONY-2163.
--------------------------------


No response, assuming ok.


> [classlib][security] Changing system property java.home may cause incorrect initialization
of java.security.Security class
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HARMONY-2163
>                 URL: https://issues.apache.org/jira/browse/HARMONY-2163
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Yuri Dolgov
>            Assignee: Tim Ellison
>
> Problem details: 
> Changing java.home system property causes incorrect initialization of java.security.Security
class. During the class initialization 'java.security' file is read. The file is located with
java.home system property. Changing java.home system property before Security class initilaization
results in impossibility to locate correct 'java.security' file. That leads to problems with
loading providers (see test below). Also there is possibility to load malicious 'java.security'
file.
>  
> The following test reproduces the issue:
>  
> Test.java
>  
> import java.security.MessageDigest;
> public class Test {
>     public static void main (String[] args) {
>         try {
>             System.setProperty("java.home", "foo/path");
>             MessageDigest md = MessageDigest.getInstance("SHA-1");
>         } catch (Exception e) {
>             e.printStackTrace();
>         }
>     }
> }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message