Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6855222

Signed applet has no privilege to execute an executable-file on Vista or Win2008

    Details

    • Subcomponent:
    • Introduced In Version:
    • CPU:
      x86
    • OS:
      windows_vista

      Description

      FULL PRODUCT VERSION :
      JRE6u10 or later


      ADDITIONAL OS VERSION INFORMATION :
      1. Microsoft Windows Server 2008 Enterprise(Windows Version: 6.1.6001)
            build 6001
            Service Pack1
            Japanese Edition
      or 2.Microsoft Windows Vista(Windows Version: 6.1.6001)

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      1.Machine/OS/IE
          CPU Intel(R) Xeon(R) CPU 2.50GHz
            [x64 Family 6 Model 23 Stepping 8]
            The number of the processor: 2
      2. OS Microsoft Windows Server 2008 Enterprise(Windows Version: 6.1.6001)
            build 6001
            Service Pack1
            Japanese Edition
      3.Internet Explorer 7
            Version : 7.0.6001.1800
      4. Java Detail Version
      ¿¿Java Plug-in 1.6.0_12
      ¿¿JRE Version 1.6.0_12 Java HotSpot(TM) Client VM

      A DESCRIPTION OF THE PROBLEM :
      When using JRE6u12 on Windows Vista or Windows Server 2008, signed applet has no privilege to execute an executable-file(*1). For example, an exception occurs when an applet tries to execute a windows application(JRE's installer etc.) which is selected from the Filechooser.
         *1: Only executable-files which will be prompted for a username and admin password by UAC, such as an JRE's installer.

      It occurs in the following enviorment.
         -Windows Vista or Windows Server2008
         -JRE6u10 or later
         -User logged on is an administrator(not build-in administrator)

      It doesn't occur when JRE6u7 is installed.
      When IE starts with "Run as administrator"through right-click menu, it also doesn't occur.
      When UAC is turned off, it also doesn't occur.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1.compile the test case into a jar and then sign it.
      2.start IE to run the signed jar.
      3.through "select a app", you can choose an executable-file. for example jre-6u12-windows-i586-p.exe

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      jre-6u12-windows-i586-p.exe can be started and sucessful message is shown.
      ACTUAL -
      The following message is shown.
      "IOException occured"

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      import java.awt.FlowLayout;
      import java.awt.event.ActionEvent;
      import java.awt.event.ActionListener;
      import java.io.File;
      import java.io.IOException;

      import javax.swing.JApplet;
      import javax.swing.JButton;
      import javax.swing.JFileChooser;
      import javax.swing.JLabel;
      import javax.swing.JOptionPane;

      public class AccessTestApplet extends JApplet {
          String cmd;
          
          public void init() {
              cmd = getCmdString("osk.exe");
              
              //add a label to show text
              getContentPane().setLayout(new FlowLayout());
              JLabel label = new JLabel("Please select a application to start->");
              getContentPane().add(label);
              
              ActionListener actionLsn = new BtnAction();

              //add a button to start exe app
              JButton button2 = new JButton("select a app");
              button2.addActionListener(actionLsn);
              getContentPane().add(button2);
          }

          public void start() {
          }

          public void stop() {
              getContentPane().removeAll();
          }

          public void destroy() {
          }
          
          private String getCmdString(String exeFile) {
              String cmd = System.getenv("SystemRoot") + File.separator + "system32"
                      + File.separator + exeFile;
              return cmd;
          }

          private void showMessage(String message) {
              JOptionPane.showMessageDialog(this, message);
          }

          private class BtnAction implements ActionListener {

              public void actionPerformed(ActionEvent arg0) {
                  
                  JButton btn = (JButton) arg0.getSource();
                  String text = btn.getText();
                  if (text.equals("start")) {
                      startExe();
                  } else if (text.equals("select a app")) {
                      JFileChooser jfc = new JFileChooser();
                      int returnVal = jfc.showOpenDialog(AccessTestApplet.this);
                      if (returnVal == JFileChooser.APPROVE_OPTION) {
                          System.out.println("You chose to open this file: "
                                  + jfc.getSelectedFile().getAbsolutePath());
                          cmd = jfc.getSelectedFile().getAbsolutePath();
                          startExe();
                      }
                  }
              }
              
              private void startExe() {
               // start a .exe
                  try {
                      Process pro = java.lang.Runtime.getRuntime().exec(cmd);
                      pro.waitFor();
                  } catch (SecurityException se) {
                      se.printStackTrace();
                      showMessage(" SecurityException occured! ");
                  } catch (NullPointerException n) {
                      n.printStackTrace();
                      showMessage(" NullPointerException occured ");
                  } catch (IllegalArgumentException iae) {
                      iae.printStackTrace();
                      showMessage(" IllegalArgmentException occured ");
                  } catch (IOException ioe) {
                      ioe.printStackTrace();
                      showMessage(" IOException occured ");
                  } catch (InterruptedException e) {
                      e.printStackTrace();
                      showMessage("InterruptedException ");
                  } catch (Exception e) {
                      e.printStackTrace();
                      showMessage("Exception dumped into plug-in console");
                  } finally {
                  }
              }
          }
      }
      ---------- END SOURCE ----------



      Release Regression From : 6u7
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

        Attachments

          Activity

            People

            • Assignee:
              vdrozdov Victor Drozdov (Inactive)
              Reporter:
              ndcosta Nelson Dcosta (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: