tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Janner <Jeffrey.Jan...@PolyDyne.com>
Subject RE: Windows Path Not Found for urandom
Date Wed, 29 Aug 2012 17:57:21 GMT
> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Wednesday, August 29, 2012 10:56 AM
> To: Tomcat Users List
> Subject: Re: Windows Path Not Found for urandom
> 
> 2012/8/29 Jeffrey Janner <Jeffrey.Janner@polydyne.com>:
> > The question is, is it something to be worried about?
> >
> >> -----Original Message-----
> >> From: Jeffrey Janner [mailto:Jeffrey.Janner@PolyDyne.com]
> >> Sent: Tuesday, August 28, 2012 10:21 AM
> >> To: Tomcat Users List ‎[users@tomcat.apache.org]‎
> >> Subject: Windows Path Not Found for urandom
> >>
> >>  apologize for the lack of details in advance, but I don't have the
> >> specifics yet.
> >>
> >> I have a customer that is using Tomcat (6.0.33?) on Windows and are
> >> monitoring the process with SysInternals Process Monitor.
> >> About every 5 seconds, they are seeing Tomcat.exe generate a "Path
> >> Not Found" error on a QueryOpen operation for the path
> D:\dev\urandom
> >> with a duration of around 0.00002.
> >> Since the path contains urandom, I assume it has something to do
> with
> >> the SSL routines.
> >> If they followed our standard install instructions, they should be
> >> using Tomcat 6.0.33 with the native/APR libraries that come with the
> >> installer.
> >>
> 
> 1. Can you stop top-posting?
> http://en.wikipedia.org/wiki/Posting_style#Choosing_the_proper_posting_
> style
[Jeff Janner] sorry, using that POS that Microsoft calls a email tool, and I sometimes forget.

> 2. " Confidentiality Notice"s are self-contradictory on a publicly
> archived mailing list.
[Jeff Janner] Hopefully, I've fixed the outbound filter that applies that automatically.

> 
> > The question is, is it something to be worried about?
> 
> 1. I'd be worried if there were something at that path.
> 
> Would randomness of something be compromised if there were a readable
> file there?
> 
> If there is nothing there and nothing can be created there, I think it
> is not much of an issue,  though an interesting one to investigate.
> 
> 2. If the file is opened by Java classes, you might try to run with a
> SecurityManager to find what tries to open it.
> 
> 3. You might try to create a file there (empty? small? unreadable?).
> Maybe something would start to fail (with EOFException or similar), or
> will hang waiting for data (and a threaddump will show what it is).
> 
> 
> Best regards,
> Konstantin Kolinko
> 

[Jeff Janner] 
Well, in trying to answer (1. & 3.) above, I actually created the file (empty).  Below
is what I get in the catalina.log no matter whether I have an SSL connector or not, and whether
the SSLEngine parameter of the APRLifecycleListener is on or off.  Notice that it tries to
read it 3 times.  I don't see the errors if the file is missing.  It doesn’t seem to affect
processing at all, except that I don't get anymore errors about it anywhere, even the process
monitor tool, after startup.  It was interesting that on startup with the file, process monitor
reported 3 read attempts, but without the file, it shows 6 PATH NOT FOUND errors.  And that's
before any access of the app.  I'm not knowledgeable enough to know if it's affecting the
SSL encryption, but I'm beginning to think it isn't.  I didn't notice is issues, hangs or
slowness, but it might actually affect things if the file had enough data to meet the minimum
byte requirements for SSL's entropy requirements.

The interesting thing was, I'm not seeing the issue here with the same frequency that the
customer is.  In testing, with the file missing, besides the initial 6 PNFs, I could only
get them to generate when I tried to login.  On connection, we throw up a regular jsp with
a form for login credentials (not a Tomcat controlled auth form - don't ask me why or get
me started, the decision was made way back at Tomcat 4.x). If I pass login, it generates 1
PNF, if I fail, it generates 2.  So I'm thinking it's definitely something in our code, and
my customer must have something trying to login every 5 seconds.

Still, there are two good academic questions about why Tomcat tries to read it 3 times on
startup, and what happens to SSL if the file exists (though I'm not sure the SSL code is trying
to read it under Windows, since I didn't see any evidence during testing).

012-08-29 11:52:29 Commons Daemon procrun stderr initialized
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Aug 29, 2012 11:52:29 AM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:52:29 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:52:29 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 415 ms
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.33
Aug 29, 2012 11:52:29 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Aug 29, 2012 11:52:29 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
	at java.io.DataInputStream.readFully(DataInputStream.java:180)
	at java.io.DataInputStream.readLong(DataInputStream.java:399)
	at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
	at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
	at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
	at org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
	at org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:675)
	at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:601)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:30 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml
Aug 29, 2012 11:52:30 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
	at java.io.DataInputStream.readFully(DataInputStream.java:180)
	at java.io.DataInputStream.readLong(DataInputStream.java:399)
	at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
	at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
	at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
	at org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
	at org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:675)
	at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:601)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Aug 29, 2012 11:52:31 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
	at java.io.DataInputStream.readFully(DataInputStream.java:180)
	at java.io.DataInputStream.readLong(DataInputStream.java:399)
	at org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
	at org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
	at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
	at org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
	at org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1079)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1002)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:506)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:31 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:52:31 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:52:31 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1594 ms
Aug 29, 2012 11:58:46 AM org.apache.coyote.http11.Http11AprProtocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:58:46 AM org.apache.coyote.ajp.AjpAprProtocol pause
INFO: Pausing Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:58:47 AM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Aug 29, 2012 11:58:48 AM org.apache.coyote.http11.Http11AprProtocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:58:48 AM org.apache.coyote.ajp.AjpAprProtocol destroy
INFO: Stopping Coyote AJP/1.3 on ajp-8009
Mime
View raw message