Review request: 8040059 Change default policy for extensions to no permission

Sean Mullan sean.mullan at oracle.com
Wed Apr 23 20:10:30 UTC 2014


Just a few comments:

  1. When you write a test that uses the jtreg /policy option, the policy file overrides the system policy file. If the test depends on a standard extension, then you may get SecurityExceptions unless additional perms are granted. Thus, there are quite a few tests that define their own policy files and duplicate the grant statement for extensions from the system policy:

    grant codeBase "file:${{java.ext.dirs}}/*" { permission java.security.AllPermission; }

These tests should be modified to only grant the necessary permissions. However, ideally I think that a better solution would be to add a jtreg /policy option that doesn't override the system policy file, but rather appends to it, for example, using "==" :

 @run main/othervm/policy==test.policy

(this is the reverse behavior of the java.security.policy system property, so it might be a little confusing, so maybe it is better to add a new option)

  2. test/lib/security/java.policy/Ext_AllPolicy.java

I think you should also add a check for AllPermission.

  3. jdk/nio/zipfs/ZipFileSystem.java

If I understand the changes, the previous code would throw SecurityExceptions when run under a SecurityManager? It's not specifically related to this bug, is it?

  4. lib/security/java.policy

    grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
        permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

Hmm, granting that likely means you are just a hop away from getting AllPermission ... not sure what to advise here, but there are several cases like this for certain permissions (ex: RuntimePermission "createClassLoader" is another one).

--Sean

On 04/22/2014 03:39 PM, Mandy Chung wrote:

This change proposes to remove granting all permissions for extensions as the default and implements the principle of least privilege. In JDK 9, we want to reduce the privileges of as many system classes as possible.

http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/

This patch has reduced the zipfs, localedata and cldrdata to grant the permissions they require. It grants AllPermission to other jar files in the lib/ext directory shipped with JDK and this change is intended to enable the component teams to identify the minimum permissions and fix any issue, if any. Libraries installed in the extensions directory depending on AllPermission granted by default are impacted. Making this change as early in JDK 9 allows us to identify any customer impacted by this change.

Mandy
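As an added example, not code from this thread or from Mandy's webrev: a small stand-alone Java program that loads a policy file through the standard "JavaPolicy" provider and asks it, per extension codebase, which permissions are actually granted. This is the kind of check the review asks for (a reduced grant should stay reduced, and no extension codebase should end up with AllPermission). The install path `/opt/jdk/lib/ext`, the sample grants and the probed permissions are all constructed for illustration; the code uses the JDK 9-era `java.security.Policy` API, which later JDKs deprecate.

```java
import java.io.FilePermission;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.URIParameter;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

/**
 * Loads a policy file with the standard "JavaPolicy" provider and reports,
 * per extension codebase, whether a given permission is granted. Lets you
 * confirm that a least-privilege grant really is least privilege.
 */
public class ExtPolicyCheck {

    // Hypothetical install path; the real JDK policy uses ${java.home}/lib/ext.
    static final String ZIPFS = "file:///opt/jdk/lib/ext/zipfs.jar";
    static final String OTHER = "file:///opt/jdk/lib/ext/other.jar";

    // Constructed policy text: zipfs gets two narrow grants, other.jar gets no entry at all.
    static final String POLICY =
        "grant codeBase \"" + ZIPFS + "\" {\n"
      + "    permission java.util.PropertyPermission \"*\", \"read\";\n"
      + "    permission java.io.FilePermission \"/srv/data/-\", \"read\";\n"
      + "};\n";

    /** Write the policy text to a temp file and parse it with the JavaPolicy provider. */
    static Policy load(String policyText) throws IOException, NoSuchAlgorithmException {
        Path file = Files.createTempFile("ext-check", ".policy");
        file.toFile().deleteOnExit();
        Files.write(file, policyText.getBytes(StandardCharsets.UTF_8));
        return Policy.getInstance("JavaPolicy", new URIParameter(file.toUri()));
    }

    /** True if the policy grants perm to unsigned code loaded from codeBase. */
    static boolean grants(Policy policy, String codeBase, Permission perm) throws IOException {
        CodeSource cs = new CodeSource(URI.create(codeBase).toURL(), (Certificate[]) null);
        // Empty static permission set, so only the policy file decides the answer.
        ProtectionDomain pd = new ProtectionDomain(cs, new Permissions());
        return policy.implies(pd, perm);
    }

    public static void main(String[] args) throws Exception {
        Policy policy = load(POLICY);
        Permission[] probes = {
            new PropertyPermission("user.home", "read"),          // zipfs: granted
            new FilePermission("/srv/data/report.txt", "read"),  // zipfs: granted (under /srv/data/-)
            new FilePermission("/srv/data/report.txt", "write"), // zipfs: denied (read only)
            new AllPermission()                                  // both: denied
        };
        for (String codeBase : new String[] { ZIPFS, OTHER }) {
            System.out.println(codeBase);
            for (Permission p : probes) {
                System.out.printf("  %-60s %s%n", p, grants(policy, codeBase, p) ? "granted" : "denied");
            }
            // The check the review asks for: an extension must never hold AllPermission.
            if (grants(policy, codeBase, new AllPermission())) {
                throw new AssertionError("AllPermission granted to " + codeBase);
            }
        }
    }
}
```

Run it with `java ExtPolicyCheck.java`; pointing `load` at a copy of the real `lib/security/java.policy` (with `${java.home}` expansion left enabled) and probing the real extension jar URLs turns it into a quick audit of the shipped grants.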



More information about the core-libs-dev mailing list