JDK-8168313

Tighten permissions granted to jdk.crypto.pkcs11 module


      Description

      The jdk.crypto.pkcs11 module is granted the following permissions:

      grant codeBase "jrt:/jdk.crypto.pkcs11" {
          permission java.lang.RuntimePermission
                         "accessClassInPackage.sun.security.*";
          permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
          permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
          permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
          // needs "security.pkcs11.allowSingleThreadedModules"
          permission java.util.PropertyPermission "*", "read";
          permission java.security.SecurityPermission "putProviderProperty.*";
          permission java.security.SecurityPermission "clearProviderProperties.*";
          permission java.security.SecurityPermission "removeProviderProperty.*";
          permission java.security.SecurityPermission
                         "getProperty.auth.login.defaultCallbackHandler";
          permission java.security.SecurityPermission "authProvider.*";
          // Needed for reading PKCS11 config file and NSS library check
          permission java.io.FilePermission "<<ALL FILES>>", "read";
      };

      The java.lang.RuntimePermission "accessClassInPackage.sun.misc" is unnecessary and can be removed.

      The java.util.PropertyPermission "*", "read" is too loose; it can be broken down to allow reading only a few properties.
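The following is an added example, not code from the issue or from the JDK project: a small audit script that parses the grant block above and lists every permission whose target is a wildcard, which is where a review like this one starts. It assumes plain `grant codeBase` entries without `signedBy` or `principal` clauses; the two permissions that span two lines in the description are joined onto one line here, and the function names are hypothetical.

```python
import re

# Grant block from the issue description, embedded so the script runs offline.
POLICY = '''
grant codeBase "jrt:/jdk.crypto.pkcs11" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
    permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
    // needs "security.pkcs11.allowSingleThreadedModules"
    permission java.util.PropertyPermission "*", "read";
    permission java.security.SecurityPermission "putProviderProperty.*";
    permission java.security.SecurityPermission "clearProviderProperties.*";
    permission java.security.SecurityPermission "removeProviderProperty.*";
    permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
    permission java.security.SecurityPermission "authProvider.*";
    // Needed for reading PKCS11 config file and NSS library check
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
'''

GRANT = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Drop // and /* */ comments while leaving quoted strings untouched."""
    return re.sub(r'"[^"]*"|//[^\n]*|/\*.*?\*/',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else '', text, flags=re.S)

def parse_policy(text):
    """Return (codeBase, permission class, target, actions) for every entry."""
    entries = []
    for header, body in GRANT.findall(strip_comments(text)):
        code_base = re.search(r'codeBase\s+"([^"]*)"', header)
        for cls, target, actions in PERM.findall(body):
            entries.append((code_base.group(1) if code_base else None,
                            cls, target, actions or None))
    return entries

def wildcard_grants(entries):
    """Entries whose target matches more than one name and so deserve review."""
    return [e for e in entries
            if e[2] in ('*', '<<ALL FILES>>') or e[2].endswith(('.*', '/*', '/-'))]

if __name__ == '__main__':
    for code_base, cls, target, actions in wildcard_grants(parse_policy(POLICY)):
        print(f'{code_base}: {cls} "{target}" {actions or ""}'.rstrip())
```

A wildcard hit is a prompt for review, not a verdict: the script cannot tell which broad grants the module actually needs.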

            People

            Assignee:
            mullan Sean Mullan
            Reporter:
            mullan Sean Mullan