Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8235909

File.exists throws AccessControlException for invalid paths when a SecurityManager is installed

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: openjdk8u232
    • Fix Version/s: openjdk8u242
    • Component/s: core-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b07
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        Bug originally reported by Nathan Strong:
        .................................................
        The jdk8u232 release contains a regression in the following circumstance:

         1. The platform is Windows-based
         2. A Security Manager is enabled
         3. A security policy has been specified granting access to “<<ALL FILES>>”
         4. You attempt to call exists() on a File object created with an illegal filename (e.g. “/bad:path”, illegal because of the ‘:’)

        Expected result: exists() returns false, because “can’t exist” implies “doesn’t exist”

        Actual result: AccessControlException: access denied

        This issue does *not* occur in jdk13.

        Here’s the stack trace:

        Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "\bad:path" "read")
                at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
                at java.security.AccessController.checkPermission(AccessController.java:886)
                at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
                at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
                at java.io.File.exists(File.java:814)
                at com.tripwire.Main.printFileExists(Main.java:16)
                at com.tripwire.Main.main(Main.java:12)

        Reproducer:

        public class Main {
            public static void main(String[] args) {
                File invalidPath = new File("/bad:path");
                File validPath = new File("/etc/hosts");
                printFileExists(validPath);
                printFileExists(invalidPath);
            }

            private static void printFileExists(File file) {
                if(file.exists()) {
                    System.out.println(file + " exists");
                } else {
                    System.out.println(file + " does not exist");
                }
            }
        }

        And here is the security policy:

        grant {
          permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
        };
        .................................................

        This bug was introduced with the 8u backport of 8213429.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  andrew Andrew Hughes
                  Reporter:
                  mbalao Martin Balao
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: