RE: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-16 Thread Sharath Ballal
I tried to do some experiments from my side to check if this issue could be 
hit, but I could not successfully do anything.  As per the discussion in this 
thread, I will close the bug as 'not an issue'.  Thanks all for the inputs.


-Sharath Ballal


-Original Message-
From: Dmitry Samersoff 
Sent: Thursday, September 15, 2016 4:19 PM
To: Harsha wardhana B; Sharath Ballal; David Holmes; 
serviceability-dev@openjdk.java.net
Subject: Re: RFR: JDK-8068155: [Findbugs]new 
sun.jvm.hotspot.utilities.ObjectReader() creates a 
sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be 
performed within a doPrivileged block

Sharath,

I don't see any requirements that ObjectReader should run with an application 
that install security manager but doesn't have 
RuntimePermission.createClassLoader

So I would recommend to close this bug as "not an issue".

-Dmitry

On 2016-09-15 06:38, Harsha wardhana B wrote:
> Hello,
> 
> It is not required that SA should be run under security manager to 
> address this change. Any standalone application when run under 
> security manager can use ObjectReader class to exploit 
> vulnerabilities. That is something that should be evaluated.
> 
> With the below fix any application when run under security manager 
> without RuntimePermission.createClassLoader will be able to create 
> ProcImageClassLoader. We need to check if it is something that is 
> desired and what vulnerabilities can be exploited, if any.
> 
> -Harsha
> 
> On 9/14/2016 5:58 PM, Sharath Ballal wrote:
>> David,
>>> That aside, the code uses raw types, which is bad. It should also be 
>>> able to retain the this(...) invocation e.g (I haven't compiled this):
>> This works, Thanks.
>>
>>
>> -Sharath Ballal
>>
>>
>>
>> -Original Message-
>> From: David Holmes
>> Sent: Wednesday, September 14, 2016 3:07 PM
>> To: Sharath Ballal;serviceability-dev@openjdk.java.net
>> Subject: Re: RFR: JDK-8068155: [Findbugs]new
>> sun.jvm.hotspot.utilities.ObjectReader() creates a 
>> sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which 
>> should be performed within a doPrivileged block
>>
>> Hi Sharath,
>>
>> On 14/09/2016 6:14 PM, Sharath Ballal wrote:
>>> Hello,
>>>
>>> Please review this fix to add creation of classloader code into 
>>> doPrivileged block
>>>
>>> Issue:https://bugs.openjdk.java.net/browse/JDK-8068155
>>>
>>> Webrev:http://cr.openjdk.java.net/~sballal/8068155/webrev.00/
>> First I'm also curious about why FindBugs thinks this is needed. 
>> AFAIK you use the doPrivileged to allow you to create the classLoader 
>> when it would otherwise fail if a SecurityManager were present.
>>
>> That aside, the code uses raw types, which is bad. It should also be 
>> able to retain the this(...) invocation e.g (I haven't compiled this):
>>
>> public ObjectReader() {
>> this(AccessController.doPrivileged(
>>new PrivilegedAction() {
>>   public ClassLoader run() {
>>  return new ProcImageClassLoader();
>>   }
>>}
>> ));
>>  }
>>
>> Thanks,
>> David
>>
>>> -Sharath Ballal
>>>
>>>
>>>
>>>
>>>
> 


--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.


Re: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-15 Thread Sundararajan Athijegannathan
+1

PS.

* SA module does not export any package - as of now, only jhsdb is the
only way to use SA. So, most findbugs findings are noise. i.e., user
code or any code outside SA module cannot access SA programmatically.

Only way is to use command line switches of Java launcher - if untrusted
code can do that [it cannot!], all doomed anyway :)

-Sundar

On 9/15/2016 4:19 PM, Dmitry Samersoff wrote:
> Sharath,
>
> I don't see any requirements that ObjectReader should run with an
> application that install security manager but doesn't have
> RuntimePermission.createClassLoader
>
> So I would recommend to close this bug as "not an issue".
>
> -Dmitry
>
> On 2016-09-15 06:38, Harsha wardhana B wrote:
>> Hello,
>>
>> It is not required that SA should be run under security manager to
>> address this change. Any standalone application when run under security
>> manager can use ObjectReader class to exploit vulnerabilities. That is
>> something that should be evaluated.
>>
>> With the below fix any application when run under security manager
>> without RuntimePermission.createClassLoader will be able to create
>> ProcImageClassLoader. We need to check if it is something that is
>> desired and what vulnerabilities can be exploited, if any.
>>
>> -Harsha
>>
>> On 9/14/2016 5:58 PM, Sharath Ballal wrote:
>>> David,
 That aside, the code uses raw types, which is bad. It should also be
 able to retain the this(...) invocation e.g (I haven't compiled this):
>>> This works, Thanks.
>>>
>>>
>>> -Sharath Ballal
>>>
>>>
>>>
>>> -Original Message-
>>> From: David Holmes
>>> Sent: Wednesday, September 14, 2016 3:07 PM
>>> To: Sharath Ballal;serviceability-dev@openjdk.java.net
>>> Subject: Re: RFR: JDK-8068155: [Findbugs]new
>>> sun.jvm.hotspot.utilities.ObjectReader() creates a
>>> sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which
>>> should be performed within a doPrivileged block
>>>
>>> Hi Sharath,
>>>
>>> On 14/09/2016 6:14 PM, Sharath Ballal wrote:
 Hello,

 Please review this fix to add creation of classloader code into
 doPrivileged block

 Issue:https://bugs.openjdk.java.net/browse/JDK-8068155

 Webrev:http://cr.openjdk.java.net/~sballal/8068155/webrev.00/
>>> First I'm also curious about why FindBugs thinks this is needed. AFAIK
>>> you use the doPrivileged to allow you to create the classLoader when
>>> it would otherwise fail if a SecurityManager were present.
>>>
>>> That aside, the code uses raw types, which is bad. It should also be
>>> able to retain the this(...) invocation e.g (I haven't compiled this):
>>>
>>> public ObjectReader() {
>>> this(AccessController.doPrivileged(
>>>new PrivilegedAction() {
>>>   public ClassLoader run() {
>>>  return new ProcImageClassLoader();
>>>   }
>>>}
>>> ));
>>>  }
>>>
>>> Thanks,
>>> David
>>>
 -Sharath Ballal





>



Re: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-15 Thread Dmitry Samersoff
Sharath,

I don't see any requirements that ObjectReader should run with an
application that install security manager but doesn't have
RuntimePermission.createClassLoader

So I would recommend to close this bug as "not an issue".

-Dmitry

On 2016-09-15 06:38, Harsha wardhana B wrote:
> Hello,
> 
> It is not required that SA should be run under security manager to
> address this change. Any standalone application when run under security
> manager can use ObjectReader class to exploit vulnerabilities. That is
> something that should be evaluated.
> 
> With the below fix any application when run under security manager
> without RuntimePermission.createClassLoader will be able to create
> ProcImageClassLoader. We need to check if it is something that is
> desired and what vulnerabilities can be exploited, if any.
> 
> -Harsha
> 
> On 9/14/2016 5:58 PM, Sharath Ballal wrote:
>> David,
>>> That aside, the code uses raw types, which is bad. It should also be
>>> able to retain the this(...) invocation e.g (I haven't compiled this):
>> This works, Thanks.
>>
>>
>> -Sharath Ballal
>>
>>
>>
>> -Original Message-
>> From: David Holmes
>> Sent: Wednesday, September 14, 2016 3:07 PM
>> To: Sharath Ballal;serviceability-dev@openjdk.java.net
>> Subject: Re: RFR: JDK-8068155: [Findbugs]new
>> sun.jvm.hotspot.utilities.ObjectReader() creates a
>> sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which
>> should be performed within a doPrivileged block
>>
>> Hi Sharath,
>>
>> On 14/09/2016 6:14 PM, Sharath Ballal wrote:
>>> Hello,
>>>
>>> Please review this fix to add creation of classloader code into
>>> doPrivileged block
>>>
>>> Issue:https://bugs.openjdk.java.net/browse/JDK-8068155
>>>
>>> Webrev:http://cr.openjdk.java.net/~sballal/8068155/webrev.00/
>> First I'm also curious about why FindBugs thinks this is needed. AFAIK
>> you use the doPrivileged to allow you to create the classLoader when
>> it would otherwise fail if a SecurityManager were present.
>>
>> That aside, the code uses raw types, which is bad. It should also be
>> able to retain the this(...) invocation e.g (I haven't compiled this):
>>
>> public ObjectReader() {
>> this(AccessController.doPrivileged(
>>new PrivilegedAction() {
>>   public ClassLoader run() {
>>  return new ProcImageClassLoader();
>>   }
>>}
>> ));
>>  }
>>
>> Thanks,
>> David
>>
>>> -Sharath Ballal
>>>
>>>
>>>
>>>
>>>
> 


-- 
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.


Re: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-15 Thread Harsha wardhana B

Hello,

It is not required that SA should be run under security manager to 
address this change. Any standalone application when run under security 
manager can use ObjectReader class to exploit vulnerabilities. That is 
something that should be evaluated.


With the below fix any application when run under security manager 
without RuntimePermission.createClassLoader will be able to create 
ProcImageClassLoader. We need to check if it is something that is 
desired and what vulnerabilities can be exploited, if any.


-Harsha

On 9/14/2016 5:58 PM, Sharath Ballal wrote:

David,

That aside, the code uses raw types, which is bad. It should also be able to 
retain the this(...) invocation e.g (I haven't compiled this):

This works, Thanks.


-Sharath Ballal



-Original Message-
From: David Holmes
Sent: Wednesday, September 14, 2016 3:07 PM
To: Sharath Ballal;serviceability-dev@openjdk.java.net
Subject: Re: RFR: JDK-8068155: [Findbugs]new 
sun.jvm.hotspot.utilities.ObjectReader() creates a 
sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be 
performed within a doPrivileged block

Hi Sharath,

On 14/09/2016 6:14 PM, Sharath Ballal wrote:

Hello,

Please review this fix to add creation of classloader code into
doPrivileged block

Issue:https://bugs.openjdk.java.net/browse/JDK-8068155

Webrev:http://cr.openjdk.java.net/~sballal/8068155/webrev.00/

First I'm also curious about why FindBugs thinks this is needed. AFAIK you use 
the doPrivileged to allow you to create the classLoader when it would otherwise 
fail if a SecurityManager were present.

That aside, the code uses raw types, which is bad. It should also be able to 
retain the this(...) invocation e.g (I haven't compiled this):

public ObjectReader() {
this(AccessController.doPrivileged(
   new PrivilegedAction() {
  public ClassLoader run() {
 return new ProcImageClassLoader();
  }
   }
));
 }

Thanks,
David


-Sharath Ballal









RE: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-14 Thread Sharath Ballal
David,
> That aside, the code uses raw types, which is bad. It should also be able to 
> retain the this(...) invocation e.g (I haven't compiled this):
This works, Thanks.


-Sharath Ballal



-Original Message-
From: David Holmes 
Sent: Wednesday, September 14, 2016 3:07 PM
To: Sharath Ballal; serviceability-dev@openjdk.java.net
Subject: Re: RFR: JDK-8068155: [Findbugs]new 
sun.jvm.hotspot.utilities.ObjectReader() creates a 
sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be 
performed within a doPrivileged block

Hi Sharath,

On 14/09/2016 6:14 PM, Sharath Ballal wrote:
> Hello,
>
> Please review this fix to add creation of classloader code into 
> doPrivileged block
>
> Issue: https://bugs.openjdk.java.net/browse/JDK-8068155
>
> Webrev: http://cr.openjdk.java.net/~sballal/8068155/webrev.00/

First I'm also curious about why FindBugs thinks this is needed. AFAIK you use 
the doPrivileged to allow you to create the classLoader when it would otherwise 
fail if a SecurityManager were present.

That aside, the code uses raw types, which is bad. It should also be able to 
retain the this(...) invocation e.g (I haven't compiled this):

   public ObjectReader() {
   this(AccessController.doPrivileged(
  new PrivilegedAction() {
 public ClassLoader run() {
return new ProcImageClassLoader();
 }
  }
   ));
}

Thanks,
David

>
>
> -Sharath Ballal
>
>
>
>
>


RE: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-14 Thread Sharath Ballal
Sundar,

> Does SA runs under security manager at all? For eg. can jhsdb tool run under 
> security manager? I doubt.
I am checking on this.

 

-Sharath Ballal

 

 

From: Sundararajan Athijegannathan 
Sent: Wednesday, September 14, 2016 1:54 PM
To: Sharath Ballal; serviceability-dev@openjdk.java.net
Subject: Re: RFR: JDK-8068155: [Findbugs]new 
sun.jvm.hotspot.utilities.ObjectReader() creates a 
sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be 
performed within a doPrivileged block

 

Does SA runs under security manager at all? For eg. can jhsdb tool run under 
security manager? I doubt.

Do we want to make it runnable under security manager? If not, does this fix 
makes sense?

-Sundar

On 9/14/2016 1:44 PM, Sharath Ballal wrote:

Hello, 

Please review this fix to add creation of classloader code into doPrivileged 
block

Issue: https://bugs.openjdk.java.net/browse/JDK-8068155

Webrev: HYPERLINK 
"http://cr.openjdk.java.net/%7Esballal/8068155/webrev.00/"http://cr.openjdk.java.net/~sballal/8068155/webrev.00/
 

 

-Sharath Ballal

 

 

 


Re: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-14 Thread David Holmes

Hi Sharath,

On 14/09/2016 6:14 PM, Sharath Ballal wrote:

Hello,

Please review this fix to add creation of classloader code into
doPrivileged block

Issue: https://bugs.openjdk.java.net/browse/JDK-8068155

Webrev: http://cr.openjdk.java.net/~sballal/8068155/webrev.00/


First I'm also curious about why FindBugs thinks this is needed. AFAIK 
you use the doPrivileged to allow you to create the classLoader when it 
would otherwise fail if a SecurityManager were present.


That aside, the code uses raw types, which is bad. It should also be 
able to retain the this(...) invocation e.g (I haven't compiled this):


  public ObjectReader() {
  this(AccessController.doPrivileged(
 new PrivilegedAction() {
public ClassLoader run() {
   return new ProcImageClassLoader();
}
 }
  ));
   }

Thanks,
David




-Sharath Ballal







Re: RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-14 Thread Sundararajan Athijegannathan
Does SA runs under security manager at all? For eg. can jhsdb tool run
under security manager? I doubt.

Do we want to make it runnable under security manager? If not, does this
fix makes sense?

-Sundar

On 9/14/2016 1:44 PM, Sharath Ballal wrote:
>
> Hello,
>
> Please review this fix to add creation of classloader code into
> doPrivileged block
>
> Issue: https://bugs.openjdk.java.net/browse/JDK-8068155
>
> Webrev: http://cr.openjdk.java.net/~sballal/8068155/webrev.00/
> 
>
>  
>
> -Sharath Ballal
>
>  
>
>  
>



RFR: JDK-8068155: [Findbugs]new sun.jvm.hotspot.utilities.ObjectReader() creates a sun.jvm.hotspot.utilities.ProcImageClassLoader classloader, which should be performed within a doPrivileged block

2016-09-14 Thread Sharath Ballal
Hello, 

Please review this fix to add creation of classloader code into doPrivileged 
block

Issue: https://bugs.openjdk.java.net/browse/JDK-8068155

Webrev: http://cr.openjdk.java.net/~sballal/8068155/webrev.00/ 

 

-Sharath Ballal