[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security manager problem

From: Gary Benson
Subject: Re: Security manager problem
Date: Thu, 22 Dec 2005 15:15:37 +0000

Hi Mark,

Thanks for your quick reply, and apologies for my egregiously slow

Mark Wielaard wrote:
> On Mon, 2005-12-12 at 17:55 +0000, Gary Benson wrote:
> > Gary Benson wrote:
> > > Robert Lougher wrote:
> > > > Do you have a testcase?
> > > 
> > > If you build and run the attached testcase you ought to see
> > > only one checkPermission() between "Calling checkRead()" and
> > > "Done". ... In reality, JamVM chokes on it pretty hard.  I
> > > _think_ what is happening is that the System.out.println in
> > > checkPermission() is itself doing some initialisation which
> > > causes security checks, causing an infinite loop.
> > 
> > The initialisation in question turns out to be:
> > 
> >  1. Loading java.lang.StringBuffer to build the message.
> >  2. Loading to print it out.
> >  3. Converting the message to bytes using String.getBytes(encoding).
> > 
> > Any one of them will trigger a security check and hence an infinite
> > loop.
> Aha! There is your clue. libgcj hasn't merged in the new nio charset
> provider setup. And indeed creating a new CharsetProvider requires a
> RuntimePermission("charsetProvider"). Even for creating the default
> provider. Which obviously should always be created, otherwise
> nothing works. It is safe in this case since we know the default
> provider doesn't do nasty things (or at least we hope so). So you
> need the attached patch to gnu/java/nio/charset/

Works perfectly, thanks.

> But even then you need some more workaround.
> All this seems to come from having a user defined security
> manager loaded by a user defined class loader (the default
> System/Application class loader). We need to do ClassLoader.
> loadClass() checks in that case. But as shown in this example
> that leads very easily to recursive checkPermission() calls.
> I don't have a good idea how to make this easier. Any ideas?

Not really.  It'd be interesting to see how other JVMs handle this,
but I doubt it matters much as extending SecurityManager isn't really
necessary these days.

Cheers (and Merry Christmas!)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]