harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Markov" <mikhail.a.mar...@gmail.com>
Subject Re: [classlib][security-kernel] Setting non-system SecurityManager for the first time
Date Wed, 10 Jan 2007 11:52:08 GMT
On 1/10/07, Alexey Varlamov <alexey.v.varlamov@gmail.com> wrote:

> I agree, this testcase demonstrates bugs in RI and J9 (btw, why did
> you call an uncaugth exception the "crash" ?).


Because i get Debug/Close window: "VM launcher has encountered a problem and
needs to close. We are sorry for the inconvenience." :-)*
*


> And I see nothing really strange in the behavoir of DRLVM, checking of
> SecurityPermission getProperty.package.access is not mandated by the
> API specification thus its result can (and should) be discarded.


But RI does not consult newly set SecurityManager for any additional
permissions.
I agree that this is not a problem - perhaps just a place for further
performance optimisations.

Regards,
Mikhail

--
> Alexey
>
> 2007/1/10, Mikhail Markov <mikhail.a.markov@gmail.com>:
> > Hi!
> >
> > While investigating https://issues.apache.org/jira/browse/HARMONY-2955JIRA
> > i've found an interesting thing:
> > The testcase below produces different result for 3 VMs (below as well)
> and
> > all 3 are rather weird:
> > RI:
> >  - need access to some security properties when calling
> > System.setSecurityManager for the first time - seems violation of the
> spec
> > to me.
> >  - but if uncomment the line #5 (and thus some static initializers will
> be
> > done) then the output is just "Security manager was successfully set."
> >
> > DRLVM:
> >  - checking java.security.SecurityPermission getProperty.package.accessand
> > althought it's not granted - successfully sets security manager
> (probably by
> > catching exception inside VM kernel classes)
> >
> > IBM VME:
> >  - checking the same java.security.SecurityPermission
> > getProperty.package.access and crashes as it's not granted
> >
> > From these 3 results DRLVM seems to me the closest to what is expected.
> >
> > I'm not sure what kinds of JIRAs should be open in this case:
> > I could suggest opening at least 2 JIRAs:
> > 1) "non-bug diff" as this code should silently work
> > 2) against IBM VME - as it crashes while checking additional properties
> > Not sure what to do with DRLVM as it's behaviour generally correct.
> >
> > Thoughts?
> >
> > Regards,
> > Mikhail
> >
> > -------- output --------------
> > RI:
> > Checking (java.security.SecurityPermission
> > getProperty.networkaddress.cache.ttl)...
> > Exception in thread "main" java.lang.ExceptionInInitializerError
> >        at java.lang.System.setSecurityManager0(System.java:275)
> >        at java.lang.System.setSecurityManager(System.java:244)
> >        at Test.main(Test.java:6)
> > Caused by: java.lang.SecurityException: (
> java.security.SecurityPermission
> > getProperty.networkaddress.cache.ttl) is not granted.
> >        at MySecurityManager.checkPermission(Test.java:14)
> >        at java.security.Security.getProperty(Security.java:724)
> >        at sun.net.InetAddressCachePolicy$1.run(
> InetAddressCachePolicy.java
> > :81)
> >        at java.security.AccessController.doPrivileged(Native Method)
> >        at sun.net.InetAddressCachePolicy.<clinit>(
> > InetAddressCachePolicy.java:77)
> >        ... 3 more
> >
> > DRLVM:
> > Checking (java.security.SecurityPermission getProperty.package.access
> )...
> > Security manager was successfully set.
> > Checking (java.lang.RuntimePermission getProtectionDomain)...
> >
> > IBM VME (crashes):
> > Checking (java.security.SecurityPermission getProperty.package.access
> )...
> > Exception in thread "main" java.lang.SecurityException: (
> > java.security.SecurityPermission getProperty.package.access) is not
> granted.
> >        at MySecurityManager.checkPermission(Test.java:14)
> >        at java.lang.SecurityManager.checkSecurityAccess(
> > SecurityManager.java:422)
> >        at java.security.Security.getProperty(Security.java:360)
> >        at org.apache.harmony.luni.util.PriviAction.run(PriviAction.java
> > :131)
> >        at java.security.AccessController.doPrivileged(
> AccessController.java
> > :179)
> >        at java.lang.SecurityManager.checkPackageProperty(
> > SecurityManager.java:333)
> >        at java.lang.SecurityManager.checkPackageAccess(
> SecurityManager.java
> > :34)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:54)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:620)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:60)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
> >        at MySecurityManager.checkPermission(Test.java:13)
> >        at java.lang.SecurityManager.checkSecurityAccess(
> > SecurityManager.java:422)
> >        at java.security.Security.getProperty(Security.java:360)
> >        at org.apache.harmony.luni.util.PriviAction.run(PriviAction.java
> > :131)
> >        at java.security.AccessController.doPrivileged(
> AccessController.java
> > :179)
> >        at java.lang.SecurityManager.checkPackageProperty(
> > SecurityManager.java:333)
> >        at java.lang.SecurityManager.checkPackageAccess(
> SecurityManager.java
> > :34)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:54)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
> >        at Test.main(Test.java:7)
> > Checking (java.lang.RuntimePermission modifyThreadGroup)...
> >
> > -------- Test.java -----------
> >
> > import java.security.Permission;
> >
> >
> >
> > public class Test {
> >
> >    public static void main(String[] args) throws Exception {
> >
> >        //System.setSecurityManager(null);
> >
> >        System.setSecurityManager(new MySecurityManager());
> >
> >        System.out.println("Security manager was successfully set.");
> >
> >    }
> >
> > }
> >
> >
> >
> > class MySecurityManager extends SecurityManager {
> >
> >    public void checkPermission(Permission perm) {
> >
> >        System.out.println("Checking " + perm + "...");
> >
> >        throw new SecurityException(perm.toString() + " is not
> granted.");
> >
> >    }
> >
> > }
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message