Re: [classlib][security-kernel] Setting non-system SecurityManager for the first time

Wed, 10 Jan 2007 04:14:06 -0800 

2007/1/10, Mikhail Markov <[EMAIL PROTECTED]>:

On 1/10/07, Alexey Varlamov <[EMAIL PROTECTED]> wrote:

> I agree, this testcase demonstrates bugs in RI and J9 (btw, why did
> you call an uncaugth exception the "crash" ?).


Because i get Debug/Close window: "VM launcher has encountered a problem and
needs to close. We are sorry for the inconvenience." :-)*
*


> And I see nothing really strange in the behavoir of DRLVM, checking of
> SecurityPermission getProperty.package.access is not mandated by the
> API specification thus its result can (and should) be discarded.


But RI does not consult newly set SecurityManager for any additional
permissions.


Hmm, let's look at RI's backtrace again:
--------
Exception in thread "main" java.lang.ExceptionInInitializerError
      at java.lang.System.setSecurityManager0(System.java:275)
      at java.lang.System.setSecurityManager(System.java:244)
      at Test.main(Test.java:6)
Caused by: java.lang.SecurityException: (java.security.SecurityPermission
getProperty.networkaddress.cache.ttl) is not granted.
      at MySecurityManager.checkPermission(Test.java:14)
...
---------
In fact RI would check some more permissions if this
"SecurityPermission getProperty.networkaddress.cache.ttl" succeeded.



I agree that this is not a problem - perhaps just a place for further
performance optimisations.


Well, the additional checks are there to help avoiding unexpected
classloading problems (like cyclic dependency). This trick is
exploited by the all tested VMs, trading performance for regularity -
and clearly this API is never performance critical.

--
Alexey



Regards,
Mikhail

--
> Alexey
>
> 2007/1/10, Mikhail Markov <[EMAIL PROTECTED]>:
> > Hi!
> >
> > While investigating https://issues.apache.org/jira/browse/HARMONY-2955JIRA
> > i've found an interesting thing:
> > The testcase below produces different result for 3 VMs (below as well)
> and
> > all 3 are rather weird:
> > RI:
> >  - need access to some security properties when calling
> > System.setSecurityManager for the first time - seems violation of the
> spec
> > to me.
> >  - but if uncomment the line #5 (and thus some static initializers will
> be
> > done) then the output is just "Security manager was successfully set."
> >
> > DRLVM:
> >  - checking java.security.SecurityPermission getProperty.package.accessand
> > althought it's not granted - successfully sets security manager
> (probably by
> > catching exception inside VM kernel classes)
> >
> > IBM VME:
> >  - checking the same java.security.SecurityPermission
> > getProperty.package.access and crashes as it's not granted
> >
> > From these 3 results DRLVM seems to me the closest to what is expected.
> >
> > I'm not sure what kinds of JIRAs should be open in this case:
> > I could suggest opening at least 2 JIRAs:
> > 1) "non-bug diff" as this code should silently work
> > 2) against IBM VME - as it crashes while checking additional properties
> > Not sure what to do with DRLVM as it's behaviour generally correct.
> >
> > Thoughts?
> >
> > Regards,
> > Mikhail
> >
> > -------- output --------------
> > RI:
> > Checking (java.security.SecurityPermission
> > getProperty.networkaddress.cache.ttl)...
> > Exception in thread "main" java.lang.ExceptionInInitializerError
> >        at java.lang.System.setSecurityManager0(System.java:275)
> >        at java.lang.System.setSecurityManager(System.java:244)
> >        at Test.main(Test.java:6)
> > Caused by: java.lang.SecurityException: (
> java.security.SecurityPermission
> > getProperty.networkaddress.cache.ttl) is not granted.
> >        at MySecurityManager.checkPermission(Test.java:14)
> >        at java.security.Security.getProperty(Security.java:724)
> >        at sun.net.InetAddressCachePolicy$1.run(
> InetAddressCachePolicy.java
> > :81)
> >        at java.security.AccessController.doPrivileged(Native Method)
> >        at sun.net.InetAddressCachePolicy.<clinit>(
> > InetAddressCachePolicy.java:77)
> >        ... 3 more
> >
> > DRLVM:
> > Checking (java.security.SecurityPermission getProperty.package.access
> )...
> > Security manager was successfully set.
> > Checking (java.lang.RuntimePermission getProtectionDomain)...
> >
> > IBM VME (crashes):
> > Checking (java.security.SecurityPermission getProperty.package.access
> )...
> > Exception in thread "main" java.lang.SecurityException: (
> > java.security.SecurityPermission getProperty.package.access) is not
> granted.
> >        at MySecurityManager.checkPermission(Test.java:14)
> >        at java.lang.SecurityManager.checkSecurityAccess(
> > SecurityManager.java:422)
> >        at java.security.Security.getProperty(Security.java:360)
> >        at org.apache.harmony.luni.util.PriviAction.run(PriviAction.java
> > :131)
> >        at java.security.AccessController.doPrivileged(
> AccessController.java
> > :179)
> >        at java.lang.SecurityManager.checkPackageProperty(
> > SecurityManager.java:333)
> >        at java.lang.SecurityManager.checkPackageAccess(
> SecurityManager.java
> > :34)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:54)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:620)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:60)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
> >        at MySecurityManager.checkPermission(Test.java:13)
> >        at java.lang.SecurityManager.checkSecurityAccess(
> > SecurityManager.java:422)
> >        at java.security.Security.getProperty(Security.java:360)
> >        at org.apache.harmony.luni.util.PriviAction.run(PriviAction.java
> > :131)
> >        at java.security.AccessController.doPrivileged(
> AccessController.java
> > :179)
> >        at java.lang.SecurityManager.checkPackageProperty(
> > SecurityManager.java:333)
> >        at java.lang.SecurityManager.checkPackageAccess(
> SecurityManager.java
> > :34)
> >        at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java:54)
> >        at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
> >        at Test.main(Test.java:7)
> > Checking (java.lang.RuntimePermission modifyThreadGroup)...
> >
> > -------- Test.java -----------
> >
> > import java.security.Permission;
> >
> >
> >
> > public class Test {
> >
> >    public static void main(String[] args) throws Exception {
> >
> >        //System.setSecurityManager(null);
> >
> >        System.setSecurityManager(new MySecurityManager());
> >
> >        System.out.println("Security manager was successfully set.");
> >
> >    }
> >
> > }
> >
> >
> >
> > class MySecurityManager extends SecurityManager {
> >
> >    public void checkPermission(Permission perm) {
> >
> >        System.out.println("Checking " + perm + "...");
> >
> >        throw new SecurityException(perm.toString() + " is not
> granted.");
> >
> >    }
> >
> > }
> >
> >
>

Reply via email to