Fix Version/s: 10
Compatibility Risk Description:The compatibility risk is low since it is relaxing a previous limitation.
Interface Kind:System or security property
The RMI Registry filter is relaxed to allow binding arrays of any type.
The built-in filter applied to the RMI Registry remote methods checks the argument types against a known list of allowed types.
For arrays it checks that the component type is one of the allowed types.
However, RMI and Serialization considers all arrays to be serializable and it is common for the component type of the array to be a serializable array to be a non-serializable type such as java.lang.Object. The constraint on the component type is unnecessary and should be removed.
Developers also considered the build-in limit on the maximum array size to be too small (10000).
The workaround is to override of the built-in filter using the system property
sun.rmi.registry.registryFilter to allow java.lang.Object or the component type as needed. The property can be defined on the command line or in the
conf/security/java.security configuration file.
The RMI Registry built-in serial filter is modified to check only the array size and not the component type. Array sizes greater than the
maxarray limit will be rejected and otherwise will be allowed. The description of the
sun.rmi.registry.registryFilter property will be updated in the
conf/security/java.security configuration to better describe the default behavior and how to override.
Both the system property sun.rmi.registry.registryFilter and the corresponding java.security property use the same syntax and behavior.
The maximum array size is increased to 1,000,000. The override filter can be used to decrease the limit but can not raise it so a higher default value provides greater flexibility.
The description of the system property and the java.security property is updated:
diff conf/security/java.security --- 949,979 ---- # # RMI Registry Serial Filter # # The filter pattern uses the same format as jdk.serialFilter. # This filter can override the builtin filter if additional types need to be ! # allowed or rejected from the RMI Registry or to decrease limits but not ! # to increase limits. ! # If the limits (maxdepth, maxrefs, or maxbytes) are exceeded, the object is rejected. ! # ! # Each non-array type is allowed or rejected if it matches one of the patterns, ! # evaluated from left to right, and is otherwise allowed. Arrays of any ! # component type, including subarrays and arrays of primitives, are allowed. ! # ! # Array construction of any component type, including subarrays and arrays of ! # primitives, are allowed unless the length is greater than the maxarray limit. ! # The filter is applied to each array element. # # Note: This property is currently used by the JDK Reference implementation. # It is not guaranteed to be examined and used by other implementations. # ! # The built-in filter allows subclasses of allowed classes and ! # can approximately be represented as the pattern: ! # ! #sun.rmi.registry.registryFilter=\ ! # maxarray=1000000;\ ! # maxdepth=20;\ ! # java.lang.String;\ ! # java.lang.Number;\ ! # java.lang.reflect.Proxy;\ ! # java.rmi.Remote;\ ! # sun.rmi.server.UnicastRef;\ ! # sun.rmi.server.RMIClientSocketFactory;\ ! # sun.rmi.server.RMIServerSocketFactory;\ ! # java.rmi.activation.ActivationID;\ ! # java.rmi.server.UID