river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Debugging River (Was: Re: new release?)
Date Mon, 15 Nov 2010 00:10:47 GMT
These are the Permissions held by the ProtectionDomains in JDK 1.6's
AccessControlContext.

Note that these are the static Permissions in each ProtectionDomain, not
those from the dynamic policy.

The dump was taken just prior to the permission check for
(java.io.FilePermission /var/tmp/Mercury*.config read)

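For some reason mercury.jar has 
GrantPermission(java.security.AllPermission "<all permissions>", "<all 
actions>")

This would allow granting of the necessary FilePermission. (In the dump
below, mercury.jar's static Permissions also list
java.security.AllPermission itself, which implies every other permission,
including that FilePermission.)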

Obviously it has allowed the bogus policy to be set, but strangely, in
JDK 1.5 there's no "access denied" failure when setting the policy?


See below:

Step completed: "thread=main", 
net.jini.security.Security.createPrivilegedContext(), line=562 bci=4

main[1] print acc
 acc = "java.security.AccessControlContext@16b788"
main[1] print acc.context
 acc.context = instance of java.security.ProtectionDomain[4] (id=1493)
main[1] print acc.context[0]
 acc.context[0] = "ProtectionDomain  
(file:/opt/src/river/trunk/lib/jsk-platform.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@182f0db
 <no principals>
 java.security.Permissions@18abc7b (
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission * read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission 
com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException write)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission /opt/src/river/trunk/qa/lib/- read)
 (java.io.FilePermission /opt/src/river/trunk/lib/- read)
 (java.io.FilePermission /opt/src/river/trunk/lib/jsk-platform.jar read)
 (java.net.SocketPermission localhost:8081 listen,resolve)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission *:1024- connect,accept,resolve)
 (java.lang.RuntimePermission 
accessClassInPackage.sun.util.logging.resources)
 (java.lang.RuntimePermission setFactory)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission exitVM)
 (net.jini.security.GrantPermission java.util.PropertyPermission 
"line.separator", "read"; java.util.PropertyPermission 
"java.vm.version", "read"; java.util.PropertyPermission 
"java.vm.specification.version", "read"; java.util.PropertyPermission 
"java.vm.specification.vendor", "read"; java.util.PropertyPermission 
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name", 
"read"; java.util.PropertyPermission "*", "read"; 
java.util.PropertyPermission "os.name", "read"; 
java.util.PropertyPermission "java.vm.vendor", "read"; 
java.util.PropertyPermission "path.separator", "read"; 
java.util.PropertyPermission "java.specification.name", "read"; 
java.util.PropertyPermission "os.version", "read"; 
java.util.PropertyPermission "os.arch", "read"; 
java.util.PropertyPermission 
"com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException", 
"write"; java.util.PropertyPermission "java.class.version", "read"; 
java.util.PropertyPermission "java.version", "read"; 
java.util.PropertyPermission "file.separator", "read"; 
java.util.PropertyPermission "java.vendor", "read"; 
java.util.PropertyPermission "java.vm.specification.name", "read"; 
java.util.PropertyPermission "java.specification.version", "read"; 
java.util.PropertyPermission "java.specification.vendor", "read"; 
java.io.FilePermission "/opt/src/river/trunk/lib/-", "read"; 
java.io.FilePermission "/opt/src/river/trunk/qa/lib/-", "read"; 
java.io.FilePermission "/opt/src/river/trunk/lib/jsk-platform.jar", 
"read"; java.net.SocketPermission "localhost:8081", "listen,resolve"; 
java.net.SocketPermission "localhost:1024-", "listen,resolve"; 
java.net.SocketPermission "*:1024-", "connect,accept,resolve"; 
java.lang.RuntimePermission 
"accessClassInPackage.sun.util.logging.resources", ""; 
java.lang.RuntimePermission "setFactory", ""; 
java.lang.RuntimePermission "stopThread", ""; 
java.lang.RuntimePermission "exitVM", ""; java.security.AllPermission 
"<all permissions>", "<all actions>";)
 (java.security.AllPermission <all permissions> <all actions>)
)

"
main[1] print acc.context[1]
 acc.context[1] = "ProtectionDomain  
(file:/opt/src/river/trunk/lib/mercury.jar <no signer certificates>)
 com.sun.jini.start.ActivateWrapper$ExportClassLoader[importURLs=[file:/opt/src/river/trunk/lib/mercury.jar],exportURLs=[http://bluto:8080/mercury-dl_bogus.jar,

http://bluto:8080/jsk-dl.jar],parent=sun.misc.Launcher$AppClassLoader@182f0db,id=cca3bb29-7eb8-437f-92f1-76f8432db01a]
 <no principals>
 java.security.Permissions@17cff66 (
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission /opt/src/river/trunk/lib/mercury.jar read)
 (java.net.SocketPermission localhost:8081 listen,resolve)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.lang.RuntimePermission stopThread)
 (net.jini.security.GrantPermission java.util.PropertyPermission 
"line.separator", "read"; java.util.PropertyPermission 
"java.vm.version", "read"; java.util.PropertyPermission 
"java.vm.specification.version", "read"; java.util.PropertyPermission 
"java.vm.specification.vendor", "read"; java.util.PropertyPermission 
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name", 
"read"; java.util.PropertyPermission "os.name", "read"; 
java.util.PropertyPermission "java.vm.vendor", "read"; 
java.util.PropertyPermission "path.separator", "read"; 
java.util.PropertyPermission "java.specification.name", "read"; 
java.util.PropertyPermission "os.version", "read"; 
java.util.PropertyPermission "os.arch", "read"; 
java.util.PropertyPermission "java.class.version", "read"; 
java.util.PropertyPermission "java.version", "read"; 
java.util.PropertyPermission "file.separator", "read"; 
java.util.PropertyPermission "java.vendor", "read"; 
java.util.PropertyPermission "java.vm.specification.name", "read"; 
java.util.PropertyPermission "java.specification.version", "read"; 
java.util.PropertyPermission "java.specification.vendor", "read"; 
java.io.FilePermission "/opt/src/river/trunk/lib/mercury.jar", "read"; 
java.net.SocketPermission "localhost:8081", "listen,resolve"; 
java.net.SocketPermission "localhost:1024-", "listen,resolve"; 
java.lang.RuntimePermission "stopThread", ""; 
java.security.AllPermission "<all permissions>", "<all actions>";)
 (java.security.AllPermission <all permissions> <all actions>)
)

"
main[1] print acc.context[2]
 acc.context[2] = "ProtectionDomain  
(file:/opt/src/river/trunk/qa/lib/jiniharness.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@182f0db
 <no principals>
 java.security.Permissions@1f2be27 (
 (java.io.FilePermission /opt/src/river/trunk/qa/lib/jiniharness.jar read)
 (java.lang.RuntimePermission exitVM)
 (java.security.AllPermission <all permissions> <all actions>)
)

"
main[1] pritn acc.context[3]
Unrecognized command: 'pritn'.  Try help...
main[1] print acc.context[3]
 acc.context[3] = "ProtectionDomain  
(file:/opt/src/river/trunk/qa/lib/jinitests.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@182f0db
 <no principals>
 java.security.Permissions@1df3d59 (
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission * read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission 
com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException write)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission /opt/src/river/trunk/qa/lib/- read)
 (java.io.FilePermission /opt/src/river/trunk/lib/- read)
 (java.io.FilePermission /opt/src/river/trunk/qa/lib/jinitests.jar read)
 (java.net.SocketPermission localhost:8081 listen,resolve)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission *:1024- connect,accept,resolve)
 (java.lang.RuntimePermission 
accessClassInPackage.sun.util.logging.resources)
 (java.lang.RuntimePermission setFactory)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission exitVM)
 (net.jini.security.GrantPermission java.util.PropertyPermission 
"line.separator", "read"; java.util.PropertyPermission 
"java.vm.version", "read"; java.util.PropertyPermission 
"java.vm.specification.version", "read"; java.util.PropertyPermission 
"java.vm.specification.vendor", "read"; java.util.PropertyPermission 
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name", 
"read"; java.util.PropertyPermission "*", "read"; 
java.util.PropertyPermission "os.name", "read"; 
java.util.PropertyPermission "java.vm.vendor", "read"; 
java.util.PropertyPermission "path.separator", "read"; 
java.util.PropertyPermission "java.specification.name", "read"; 
java.util.PropertyPermission "os.version", "read"; 
java.util.PropertyPermission "os.arch", "read"; 
java.util.PropertyPermission 
"com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException", 
"write"; java.util.PropertyPermission "java.class.version", "read"; 
java.util.PropertyPermission "java.version", "read"; 
java.util.PropertyPermission "file.separator", "read"; 
java.util.PropertyPermission "java.vendor", "read"; 
java.util.PropertyPermission "java.vm.specification.name", "read"; 
java.util.PropertyPermission "java.specification.version", "read"; 
java.util.PropertyPermission "java.specification.vendor", "read"; 
java.io.FilePermission "/opt/src/river/trunk/lib/-", "read"; 
java.io.FilePermission "/opt/src/river/trunk/qa/lib/-", "read"; 
java.io.FilePermission "/opt/src/river/trunk/qa/lib/jinitests.jar", 
"read"; java.net.SocketPermission "localhost:8081", "listen,resolve"; 
java.net.SocketPermission "localhost:1024-", "listen,resolve"; 
java.net.SocketPermission "*:1024-", "connect,accept,resolve"; 
java.lang.RuntimePermission 
"accessClassInPackage.sun.util.logging.resources", ""; 
java.lang.RuntimePermission "setFactory", ""; 
java.lang.RuntimePermission "stopThread", ""; 
java.lang.RuntimePermission "exitVM", ""; java.security.AllPermission 
"<all permissions>", "<all actions>";)
 (java.security.AllPermission <all permissions> <all actions>)
)

"
main[1]

