Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8154009

Some methods of java.security.Security require more permissions, than necessary

    Details

      Backports

        Description

        If I use getProviders method from java.security.Security class with Security manager, I would have to specify following permissions:

        grant codeBase "file:${{java.ext.dirs}}/*" {
                permission java.lang.RuntimePermission "loadLibrary.*";
                permission java.io.FilePermission "<<ALL FILES>>", "read";
                permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
        };

        Same is applicable to addProvider method.
        That is, above mentioned permissions should be added to the SecurityPermission("insertProvider."+provider.getName()) mentioned in the specification.

        Those additional permissions are present in java.policy file stored inside JDK. But it looks rather strange to me that simple request to getProviders would work only if I explicitly allow to load full list of providers.

        This problem can be identified only if we switch-off usage of policy file declared in standard JDK. To do so, we need to call java like the following:
        <JDK_path>/bin/java -Djava.security.manager -Dpolicy==<policy_file>

          Issue Links

            Activity

            Hide
            akosarev Artem Kosarev added a comment - - edited
            Simple code below can break if we call programm like this:
            <JDK_path>/bin/java -Djava.security.manager -Djava.security.policy==./policy TerminalFactorySpiTest
            where policy file is empty

            import java.security.Security;
            import java.util.Arrays;

            public class TerminalFactorySpiTest {

                public static void main(String[] args) throws Exception {
                    try{
                            System.out.println(Arrays.asList(Security.getProviders()));
                    }catch(ExceptionInInitializerError err){
                            err.printStackTrace();
                    }

                }

            }

            Stack trace:

            java.lang.ExceptionInInitializerError
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                    at java.lang.Class.newInstance0(Class.java:357)
                    at java.lang.Class.newInstance(Class.java:310)
                    at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
                    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
                    at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)
                    at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)
                    at sun.security.jca.Providers.getFullProviderList(Providers.java:129)
                    at java.security.Security.getProviders(Security.java:421)
                    at TerminalFactorySpiTest.main(TerminalFactorySpiTest.java:11)
            Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.sunmscapi)
                    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
                    at java.security.AccessController.checkPermission(AccessController.java:549)
                    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
                    at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
                    at java.lang.Runtime.loadLibrary0(Runtime.java:817)
                    at java.lang.System.loadLibrary(System.java:1028)
                    at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:32)
                    at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:30)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:30)
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                    at java.lang.Class.newInstance0(Class.java:357)
                    at java.lang.Class.newInstance(Class.java:310)
                    at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
                    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
                    at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)
                    at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)
                    at sun.security.jca.Providers.getFullProviderList(Providers.java:129)
                    at java.security.Security.getProviders(Security.java:421)
            Show
            akosarev Artem Kosarev added a comment - - edited Simple code below can break if we call programm like this: <JDK_path>/bin/java -Djava.security.manager -Djava.security.policy==./policy TerminalFactorySpiTest where policy file is empty import java.security.Security; import java.util.Arrays; public class TerminalFactorySpiTest {     public static void main(String[] args) throws Exception {         try{                 System.out.println(Arrays.asList(Security.getProviders()));         }catch(ExceptionInInitializerError err){                 err.printStackTrace();         }     } } Stack trace: java.lang.ExceptionInInitializerError         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)         at java.lang.Class.newInstance0(Class.java:357)         at java.lang.Class.newInstance(Class.java:310)         at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)         at java.security.AccessController.doPrivileged(Native Method)         at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)         at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)         at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)         at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)         at sun.security.jca.Providers.getFullProviderList(Providers.java:129)         at java.security.Security.getProviders(Security.java:421)         at TerminalFactorySpiTest.main(TerminalFactorySpiTest.java:11) Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.sunmscapi)         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)         at java.security.AccessController.checkPermission(AccessController.java:549)         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)         at java.lang.SecurityManager.checkLink(SecurityManager.java:818)         at java.lang.Runtime.loadLibrary0(Runtime.java:817)         at java.lang.System.loadLibrary(System.java:1028)         at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:32)         at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:30)         at java.security.AccessController.doPrivileged(Native Method)         at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:30)         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)         at java.lang.Class.newInstance0(Class.java:357)         at java.lang.Class.newInstance(Class.java:310)         at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)         at java.security.AccessController.doPrivileged(Native Method)         at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)         at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)         at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)         at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)         at sun.security.jca.Providers.getFullProviderList(Providers.java:129)         at java.security.Security.getProviders(Security.java:421)
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/rev/79db712cd915
            User: alexp
            Date: 2016-06-09 13:09:14 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/rev/79db712cd915 User: alexp Date: 2016-06-09 13:09:14 +0000
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/79db712cd915
            User: robm
            Date: 2016-06-10 18:29:45 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/79db712cd915 User: robm Date: 2016-06-10 18:29:45 +0000
            Hide
            coffeys Sean Coffey added a comment -
            [~akosarev] Do we still have a problem given the below stacktrace ? [1]. I was going to add extra permissions to the test policy file but your approach in this fix suggests that such config issues should be a silent provider-load failure if certain permission are lacking to initialize a provider. Would you regard missing permission to read sunpkcs11-solaris.cfg for SunPKCS11 provider as same issue? Should we fail or continue ?

            java.lang.ExceptionInInitializerError
                    at UnboundSSL.start(UnboundSSL.java:78)
                    at UnboundSSL.main(UnboundSSL.java:48)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            <snip>
            Caused by: java.security.ProviderException: Error parsing configuration
                    at sun.security.pkcs11.Config.getConfig(Config.java:88)
                    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
                    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
                    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
                    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
                    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
                    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
                    at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
                    at sun.security.jca.ProviderList$3.get(ProviderList.java:148)
                    at sun.security.jca.ProviderList$3.get(ProviderList.java:143)
                    at java.util.AbstractList$Itr.next(AbstractList.java:358)
                    at java.security.SecureRandom.getPrngAlgorithm(SecureRandom.java:558)
                    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:194)
                    at java.security.SecureRandom.<init>(SecureRandom.java:162)
                    at KDC.<clinit>(KDC.java:127)
                    ... 8 more
            Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/jdk/8u112/fcs/b07/binaries/solaris-sparcv9/jre/lib/security/sunpkcs11-solaris.cfg" "read")
                    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
                    at java.security.AccessController.checkPermission(AccessController.java:884)
                    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
                    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
                    at java.io.FileInputStream.<init>(FileInputStream.java:127)
                    at java.io.FileInputStream.<init>(FileInputStream.java:93)
                    at sun.security.pkcs11.Config.<init>(Config.java:211)
                    at sun.security.pkcs11.Config.getConfig(Config.java:84)
            Show
            coffeys Sean Coffey added a comment - [~akosarev] Do we still have a problem given the below stacktrace ? [1]. I was going to add extra permissions to the test policy file but your approach in this fix suggests that such config issues should be a silent provider-load failure if certain permission are lacking to initialize a provider. Would you regard missing permission to read sunpkcs11-solaris.cfg for SunPKCS11 provider as same issue? Should we fail or continue ? java.lang.ExceptionInInitializerError         at UnboundSSL.start(UnboundSSL.java:78)         at UnboundSSL.main(UnboundSSL.java:48)         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) <snip> Caused by: java.security.ProviderException: Error parsing configuration         at sun.security.pkcs11.Config.getConfig(Config.java:88)         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)         at java.lang.reflect.Constructor.newInstance(Constructor.java:423)         at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)         at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)         at java.security.AccessController.doPrivileged(Native Method)         at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)         at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)         at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)         at sun.security.jca.ProviderList$3.get(ProviderList.java:148)         at sun.security.jca.ProviderList$3.get(ProviderList.java:143)         at java.util.AbstractList$Itr.next(AbstractList.java:358)         at java.security.SecureRandom.getPrngAlgorithm(SecureRandom.java:558)         at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:194)         at java.security.SecureRandom.<init>(SecureRandom.java:162)         at KDC.<clinit>(KDC.java:127)         ... 8 more Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/jdk/8u112/fcs/b07/binaries/solaris-sparcv9/jre/lib/security/sunpkcs11-solaris.cfg" "read")         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)         at java.security.AccessController.checkPermission(AccessController.java:884)         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)         at java.io.FileInputStream.<init>(FileInputStream.java:127)         at java.io.FileInputStream.<init>(FileInputStream.java:93)         at sun.security.pkcs11.Config.<init>(Config.java:211)         at sun.security.pkcs11.Config.getConfig(Config.java:84)

              People

              • Assignee:
                akosarev Artem Kosarev
                Reporter:
                akosarev Artem Kosarev
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: