JDK-8207961

Generalize the jdk.net.includeInExceptions security property

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 11
    • Component/s: core-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      Change to a new security property added in JDK 11
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      Rename the security property jdk.net.includeInExceptions, which is new in JDK 11, to jdk.includeInExceptions.

      Problem

      JDK-8204233 added a new security property, jdk.net.includeInExceptions, to include additional, potentially security-sensitive information in exception detail messages in the networking area. The property accepts a comma-separated list of values that specifies the particular type of extra detail information to add.

      Since its addition in JDK 11, further uses have arisen for including additional, potentially security-sensitive information in exception detail messages in other areas, namely the java.util.jar APIs. See JDK-8205525 and http://mail.openjdk.java.net/pipermail/core-libs-dev/2018-July/054284.html

      Solution

      Given that this mechanism will likely be used more generally across different parts of the platform, it seems prudent to rename the property to be less area-specific, say jdk.includeInExceptions, thus allowing additional argument values to be specified in the future, for example jarPath.
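
An added example, not part of the CSR or the JDK sources: a Python audit that scans java.security text for either property name and applies the value syntax given in the Specification section of this page (comma separated, trimmed, case-insensitive, unknown values ignored). The sample file content, the finding labels and the plain key=value line handling are assumptions of this example.

```python
OLD_NAME = "jdk.net.includeInExceptions"   # name before the rename
NEW_NAME = "jdk.includeInExceptions"       # name after the rename
KNOWN_CATEGORIES = {"hostinfo"}            # the only category this page defines

# Constructed sample java.security content, not taken from a real installation.
SAMPLE = """\
#jdk.includeInExceptions=hostInfo
jdk.net.includeInExceptions=hostInfo
jdk.includeInExceptions= HostInfo , jarPath
"""


def parse_categories(value):
    """Return (enabled, ignored) using the documented value syntax."""
    tokens = {t.strip().lower() for t in value.split(",")}
    tokens.discard("")
    return sorted(tokens & KNOWN_CATEGORIES), sorted(tokens - KNOWN_CATEGORIES)


def audit(text):
    """Return (line number, property, finding label, values) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank or commented out: the default applies
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in (OLD_NAME, NEW_NAME):
            continue
        enabled, ignored = parse_categories(value)
        if key == OLD_NAME:
            # This page does not say whether the old name is still read.
            findings.append((lineno, key, "old-name", enabled + ignored))
        else:
            if enabled:
                findings.append((lineno, key, "enabled", enabled))
            if ignored:
                findings.append((lineno, key, "unknown-value", ignored))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An "enabled" finding marks a deployment whose exception messages may carry host details into logs; "old-name" marks a setting that should be reviewed against the rename.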

      Specification

      $ hg extdiff -p diff -o -C1 src/java.base/share/conf/security/java.security
      
      < #
      < # Enhanced exception message text
      < #
      < # By default, socket exception messages do not include potentially sensitive
      < # information such as hostnames or port numbers. This property may be set to one
      < # or more values, separated by commas, and with no white-space. Each value
      < # represents a category of enhanced information. Currently, the only category defined
      < # is "hostInfo" which enables more detailed information in the IOExceptions
      < # thrown by java.net.Socket and also the socket types in the java.nio.channels package.
      < # The setting in this file can be overridden by a system property of the same name
      < # and with the same syntax and possible values.
      < #jdk.net.includeInExceptions=hostInfo
      ---
      > #
      > # Enhanced exception message information
      > #
      > # By default, exception messages should not include potentially sensitive
      > # information such as file names, host names, or port numbers. This property
      > # accepts one or more comma separated values, each of which represents a
      > # category of enhanced exception message information to enable. Values are
      > # case-insensitive. Leading and trailing whitespaces, surrounding each value,
      > # are ignored. Unknown values are ignored.
      > #
      > # The categories are:
      > #
      > #  hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the
      > #             java.nio.channels package will contain enhanced exception
      > #             message information
      > #
      > # The property setting in this file can be overridden by a system property of
      > # the same name, with the same syntax and possible values.
      > #
      > #jdk.includeInExceptions=hostInfo
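
      Review bot: The opening sentence of the new comment lists file names among the sensitive details, but the category list that follows defines only hostInfo, so a reader cannot tell which value, if any, governs file names; either drop "file names" until a category for it exists or say that further categories may be added. "should not include" also reads as guidance rather than a statement of default behaviour, where the replaced text said "do not include". Since unknown values are ignored, a misspelled category leaves the extra detail off with no diagnostic, which is worth stating next to the hostInfo entry.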

              People

              • Assignee:
                chegar Chris Hegarty
                Reporter:
                chegar Chris Hegarty
                Reviewed By:
                Alan Bateman, Michael McMahon, Sean Mullan