Issue 1188: Patch against trunk to handle SecurityExceptions (original) (raw)

Created on 2008-12-01.19:25:12 by jamesr, last changed 2009-04-22.03:05:53 by fwierzbicki.

| Messages | | | | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | ------------------------- | | | msg3863 (view) | Author: James Robinson (jamesr) | Date: 2008-12-01.19:25:12 | | | This patch adds handling for SecurityExceptions in places currently lacking it. SecurityExceptions can be thrown by many file-related and other Java APIs when running Jython in a restricted container. This patch fixes the issue noted in 1185 and 1186, although this is against trunk and not 2.2.*. | | | | | msg4246 (view) | Author: Jim Baker (zyasoft) | Date: 2009-03-12.08:30:04 | | | Review for 2.5.0 | | | | | msg4249 (view) | Author: James Robinson (jamesr) | Date: 2009-03-12.15:34:10 | | | Thanks for looking at this. Here's an updated patch against svn trunk@6093. Is there any way I can help get this landed? | | | | | msg4255 (view) | Author: Frank Wierzbicki (fwierzbicki) | Date: 2009-03-13.14:19:11 | | | James Robinson: by updating the patch to trunk you have helped make sure it gets a solid review (also zyasoft marking it as "high" means we will review before we get to RC) | | | | | msg4453 (view) | Author: Philip Jenvey (pjenvey) | Date: 2009-04-06.01:42:53 | | | What security policy was this made to run against? We have an incredibly simple test of starting up jython under a restricted policy in test_java_integration Having that test do a little more would also be really helpful in getting this patch applied | | | | | msg4488 (view) | Author: James Robinson (jamesr) | Date: 2009-04-08.15:26:04 | | | This is for the security policy in the Google App Engine. It can roughly be recreated by forbidding all write access to disk and read access outside the working directory (which makes some File.isDirectory() checks fail). The additional changes are because SecureClassLoader and Compiler are not on the JRE whitelist. Compiler.compileClass() is documented to be a no-op, so I do not think removing it is an issue. URLClassLoader should work just as well as SecureClassLoader. | | | | | msg4565 (view) | Author: Frank Wierzbicki (fwierzbicki) | Date: 2009-04-22.03:05:52 | | | I finally got a policy file together so I could test these fixes. Needless to say it is still difficult to do any sort of real testing (especially using our regrtest suite) w/o being able to write to the filesystem. I have done some manual testing, but real testing of jython in a write only environment is still a todo. Thanks James Robinson! | | | |