lucene-dev mailing list archives

From "Uwe Schindler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LUCENE-4352) only the test runner should be able to System.exit
Date Mon, 03 Sep 2012 15:24:07 GMT

    [ https://issues.apache.org/jira/browse/LUCENE-4352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447314#comment-13447314 ]

Uwe Schindler commented on LUCENE-4352:
---------------------------------------

I played around a little bit and the above javadoc behaves exactly as proposed: Code from
the default classloader can always call System.exit/System.halt. I played around and removed
the RuntimePermission entirely to verify this; Lucene tests still passed with:

{noformat}
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "setIO";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getStackTrace";
  permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
  permission java.lang.RuntimePermission "shutdownHooks";
{noformat}

So theoretically we can restrict a lot of stuff (like calling Thread.stop(), which is deprecated)
or setting another SecurityManager that circumvents our HighSecurity(tm) environment (LOL),
but not System.exit().

There is only one possibility that I will check now: We currently pass:

{code:xml}
<sysproperty key="java.security.manager" value="java.lang.SecurityManager" />
{code}

If the test VM calls System.exit(), the SecurityManager's method checkExit() is in all cases
invoked and can jump in... So we can provide a custom SecurityManager from the test framework
that passes everything to the default manager (so enforcing our Policy), but on checkExit(int),
it will inspect the stack trace like the preflex-RW codec does in Mike's hack and look for
the test runner's "exit" signature to allow exit only for this case; in all other cases throw
SecurityException.
                
> only the test runner should be able to System.exit
> --------------------------------------------------
>
>                 Key: LUCENE-4352
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4352
>             Project: Lucene - Core
>          Issue Type: Bug
>            Reporter: Robert Muir
>
> All others should get SecurityException

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
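
The custom SecurityManager idea described in the comment above, sketched as an added example (not code from Lucene or from the comment's author). The allowed caller class name is a hypothetical placeholder, and the sketch assumes a JDK on which SecurityManager is still supported.

```java
/** Added illustration: policy checks stay with the default manager; exit gets a caller check. */
public class ExitGuardSecurityManager extends SecurityManager {
  // Assumption: hypothetical name of the test runner class that is allowed to exit the JVM.
  static final String ALLOWED_CALLER = "org.example.runner.ForkedTestMain";

  @Override
  public void checkExit(int status) {
    StackTraceElement[] stack = Thread.currentThread().getStackTrace();
    if (!exitCalledBy(stack, ALLOWED_CALLER)) {
      throw new SecurityException("System.exit(" + status + ") denied: caller is not " + ALLOWED_CALLER);
    }
    super.checkExit(status); // the policy file still has the final word
  }

  /** True only if the frame that invoked System.exit/Runtime.exit/Runtime.halt belongs to allowedClass. */
  static boolean exitCalledBy(StackTraceElement[] stack, String allowedClass) {
    int i = 0;
    while (i < stack.length && !isExitFrame(stack[i])) i++; // skip getStackTrace/checkExit frames
    while (i < stack.length && isExitFrame(stack[i])) i++;  // skip Runtime.exit <- System.exit
    // Fail closed: no exit frame found, or no caller frame after it, means deny.
    return i < stack.length && stack[i].getClassName().equals(allowedClass);
  }

  private static boolean isExitFrame(StackTraceElement f) {
    String c = f.getClassName(), m = f.getMethodName();
    return (c.equals("java.lang.Runtime") || c.equals("java.lang.System"))
        && (m.equals("exit") || m.equals("halt"));
  }

  private static StackTraceElement frame(String cls, String method) {
    return new StackTraceElement(cls, method, null, -1);
  }

  /** Runs the caller check on constructed stack traces; no manager is installed here. */
  public static void main(String[] args) {
    StackTraceElement[] fromRunner = {
      frame("java.lang.Thread", "getStackTrace"),
      frame("ExitGuardSecurityManager", "checkExit"),
      frame("java.lang.Runtime", "exit"),
      frame("java.lang.System", "exit"),
      frame(ALLOWED_CALLER, "main"),
    };
    StackTraceElement[] fromTest = fromRunner.clone();
    fromTest[4] = frame("org.example.SomeTest", "testFoo"); // constructed frame for a test method
    System.out.println("runner may exit: " + exitCalledBy(fromRunner, ALLOWED_CALLER));
    System.out.println("test may exit:   " + exitCalledBy(fromTest, ALLOWED_CALLER));
  }
}
```

Such a class would be selected by pointing the `java.security.manager` sysproperty shown in the message at it instead of `java.lang.SecurityManager`. Calls made through reflection are denied as well, because the frame directly above `System.exit` is then a reflection frame rather than the runner class.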
