Cannot require 'ffi' if script itself doesn't have some unknown privilege
-------------------------------------------------------------------------
Key: JRUBY-5109
URL: http://jira.codehaus.org/browse/JRUBY-5109
Project: JRuby
Issue Type: Bug
Components: Extensions
Affects Versions: JRuby 1.5.2
Environment: Windows 7, Java 1.6.0 Update 21 (32-bit and 64-bit)
Reporter: Trejkaz
A one-liner:
{code:ruby}
require 'ffi'
{code}
This gives the error below if the script itself is being run at reduced
privileges. I have confirmed that granting the script AllPermission does make
it work, and this is my recommended workaround at the moment. However,
granting only the loadLibrary permission does not appear to be enough, for
whatever reason.
Now, it might be reasonable to disallow the particular case of loading a
library using FFI, as it might be considered a means of "cheating" to get a
permission you're not supposed to have. If this is JRuby's stance then I will
not disagree, however I think it would be more helpful if it worked like this:
* Requiring 'ffi' itself should work no matter what, as the script itself is
not trying to load a library. Loading the native part of jffi should be done
with the permission context of JRuby (we grant JRuby full permissions in our
deployments.)
* Actually loading a library via FFI should fail with a SecurityException if
(and only if ;)) the *script's* security context would have been rejected
loading the same library using loadLibrary.
* The RuntimePermission "loadLibrary" should be the only permission required in
order to load any library through FFI, and as a side-effect of the previous
mechanism it should be possible to specify a permission to load a single
library if the policy file author so desired.
Initially reporting against JRuby itself, as I don't see jffi anywhere in the
stack trace.
{noformat}
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69:in
`require': Could not load FFI Provider: FFI not available: null (LoadError)
See http://jira.codehaus.org/browse/JRUBY-4583
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:1:in
`require'
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1:in
`require'
from <script>:1
org.jruby.embed.EvalFailedException: Could not load FFI Provider: FFI not
available: null
See http://jira.codehaus.org/browse/JRUBY-4583
at
org.jruby.embed.internal.EmbedEvalUnitImpl.run(EmbedEvalUnitImpl.java:127)
at org.jruby.embed.jsr223.JRubyEngine.eval(JRubyEngine.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
Caused by: org.jruby.exceptions.RaiseException: Could not load FFI Provider:
FFI not available: null
See http://jira.codehaus.org/browse/JRUBY-4583
at
(unknown).new(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69)
at
Kernel.require(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69)
at
(unknown).(unknown)(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:1)
at
Kernel.require(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1)
at
(unknown).(unknown)(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1)
at Kernel.require(<script>:1)
at (unknown).(unknown)(:1)
Script failed due to an error:
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69:in
`require': Could not load FFI Provider: FFI not available: null
See http://jira.codehaus.org/browse/JRUBY-4583 (LoadError)
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:1:in
`require'
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1
from
file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1:in
`require'
from <script>:1
...internal jruby stack elided...
from
Kernel.require(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:69)
from
(unknown).(unknown)(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi/ffi.rb:1)
from
Kernel.require(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1)
from
(unknown).(unknown)(file:/C:/App/lib/jruby-complete.jar!/META-INF/jruby.home/lib/ruby/site_ruby/shared/ffi.rb:1)
from Kernel.require(<script>:1)
from (unknown).(unknown)(:1)
{noformat}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
