File system access not checked by JVM security manager
------------------------------------------------------
Key: JRUBY-5153
URL: http://jira.codehaus.org/browse/JRUBY-5153
Project: JRuby
Issue Type: Bug
Affects Versions: JRuby 1.5.1
Reporter: Ivo Wever
Assignee: Thomas E Enebo

When you try to access file system resources, with the default Java security
manager in place, the accesses succeed when they should fail. For instance,

    jruby -J-Djava.security.manager -e "puts File.read('/etc/hosts').size"

simply succeeds, while

    java -Djava.security.manager Main

on a previously compiled Main.java[1] fails as expected with an

    Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission /etc/hosts read)

Other permissions seem to be checked by the security manager just fine:
outbound connections, listening on sockets, setting Java properties, etc. all
fail without modifications to the policy file.

[1] Main.java

    import java.io.*;

    public class Main {
        public static void main(String[] args) throws Exception {
            char[] cbuf = new char[4*1024];
            // Opening the file triggers the security manager's FilePermission read check.
            System.out.println(new FileReader(new File("/etc/hosts")).read(cbuf));
        }
    }