Request for review: 8016046 (process) Strict validation of input should be security manager case only [win] (original) (raw)

Alexey Utkin alexey.utkin at oracle.com
Mon Jun 10 08:15:03 UTC 2013

Here is the changed version: http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-8016046/webrev.01/

On 6/7/2013 8:02 PM, Alan Bateman wrote:

On 07/06/2013 10:02, Alexey Utkin wrote:

Hi, Please review the fix.

Bug description: http://bugs.sun.com/viewbug.do?bugid=8016046 https://jbs.oracle.com/bugs/browse/JDK-8016046 The suggested fix: http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-8016046/webrev.00/ Summary: In absence of the Security Manager the verification procedure for the command-line was restored as before the JDK-8012453 fix. That suggests the ability of inline input/output redirection, piping, simultaneous launching of several programs by single command, lost spaces and etc. The extended verification procedure is activated in presence of the Security Manager or installing to "false" the "jdk.lang.Process.allowAmbiguousCommands" Java property. Given 15 years of sloppy usage of Runtime.exec on Windows then it was always going to be difficult to switch to tighter checking by default. So I think the solution is right and keeps existing code working. I also agree that it's useful to have a property to opt-in to get property checking of the input. So the changes looks good to me. A minor comment on the test but in checkOut then it could use Files.notExists. It would be useful to expand the @bug to include the new bug ID too. Done.

Regards, -uta

More information about the core-libs-dev mailing list