P4
Name: nt126004 Date: 08/12/2002
FULL PRODUCT VERSION :
C:\>java -version
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)
FULL OPERATING SYSTEM VERSION :
Microsoft Windows 2000 [Version 5.00.2195]
A DESCRIPTION OF THE PROBLEM :
AbstractPreferences.isUserNode() relies on the Preferences
being accessed being owned by the current Thread. This is
poor behavior because in a server environment, an
Administrator could be manipulating a normal user's
preferences. The current user (the Admin) in this case will
be different than the Preference's root (the normal user's
root). Therefore, the user's Preference will be regarded as
the system Preferences incorrectly.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. create a Preference 'A'
2. have PreferenceFactory.userRoot() return Preference 'B'
3. have PreferenceFactory.systemRoot() return Preference 'C'
4. Preference 'A'.isUserNode() returns false.
5. have PreferenceFactory.userRoot() return Preference 'A'
6. Preference 'A'.isUserNode() returns true.
7. have PreferenceFactory.userRoot() return Preference 'B'
8. 'A'.exportSubtree() - because 'A' thinks that it is the
systemRoot() a subsequent import of 'A' will result in the
Preferences 'C' being changed by the data in 'A'
EXPECTED VERSUS ACTUAL BEHAVIOR :
Documentation for isUserNode() says "Returns true if this
preference node is in the user preference tree, false if
it's in the system preference tree. " This implies constant
behavior.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE -------------
/*
* TestPreferences.java
*
* Created on August 9, 2002, 2:14 PM
*/
import java.util.prefs.*;
import java.util.*;
import java.io.*;
/**
*
* @author pmoore
* @version
*/
public class TestPreferences implements PreferencesFactory {
// this represents the currrent user on the thread.
private int userIndexIs = 0;
private Preferences users[] = new Preferences [2];
private Preferences sys;
public Preferences userRoot() {
return users[userIndexIs];
}
public Preferences systemRoot() {
// new Exception("accessing systemroot() from here").printStackTrace();
return sys;
}
// access method that allows people to edit and save Preferences that they are
// authorized to that are not their own. For example a manager editting his
// employees Preferences.
public Preferences getUserPrefs(int userId) {
return users[userIndexIs];
}
// utility method to allow a user to set an arbitrary value on a Preference that
// they are allowed to see and modify.
public void setPragmaPrefVal(Preferences p, String key, String value) {
p.put(key, value);
}
/** Creates new TestPreferences */
public TestPreferences() {
sys = new FakePreferences("");
users[0] = new FakePreferences("");
users[1] = new FakePreferences("");
sys.put("i am", "system");
sys.put("enable security", "true");
sys.put("rootusers","noone");
users[0].put("i am", "evil user");
users[1].put("i am", "innocent");
}
public void runtest() throws Exception{
// evil user is the current user
System.out.println("running test...");
Preferences someoneElse = this.getUserPrefs(1);
System.out.println("someoneElse.isUserNode()="+someoneElse.isUserNode());
setPragmaPrefVal(someoneElse, "enable security", "true");
setPragmaPrefVal(someoneElse, "rootusers", "evil user");
System.out.println("saving");
FileOutputStream os = new FileOutputStream("c:\\temp\\test.xml");
someoneElse.exportSubtree(os);
os.close();
System.out.println("restoring");
FileInputStream is = new FileInputStream("c:\\temp\\test.xml");
Preferences.importPreferences(is);
is.close();
String rootusers = Preferences.systemRoot().get("rootusers", "???");
System.out.println("\n\n\nevil chuckle!\n\n");
System.out.println("rootusers="+rootusers);
}
/**
* @param args the command line arguments
*/
public static void main (String args[]) {
try {
System.setProperty("java.util.prefs.PreferencesFactory", TestPreferences.class.getName());
new TestPreferences().runtest();
}catch (Exception e) {
e.printStackTrace();
}
}
private class FakePreferences extends AbstractPreferences {
FakePreferences(String name) {
super(null, name);
}
private HashMap map = new HashMap();
/**
* Remove the association (if any) for the specified key at this
* preference node. It is guaranteed that <tt>key</tt> is non-null.
* Also, it is guaranteed that this node has not been removed.
* (The implementor needn't check for either of these things.)
*
* <p>This method is invoked with the lock on this node held.
*/
protected void removeSpi(String key) {
throw new UnsupportedOperationException();
}
/**
* Removes this preference node, invalidating it and any preferences that
* it contains. The named child will have no descendants at the time this
* invocation is made (i.e., the {@link Preferences#removeNode()} method
* invokes this method repeatedly in a bottom-up fashion, removing each of
* a node's descendants before removing the node itself).
*
* <p>This method is invoked with the lock held on this node and its
* parent (and all ancestors that are being removed as a
* result of a single invocation to {@link Preferences#removeNode()}).
*
* <p>The removal of a node needn't become persistent until the
* <tt>flush</tt> method is invoked on this node (or an ancestor).
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #removeNode()}
* invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void removeNodeSpi() throws BackingStoreException {
throw new UnsupportedOperationException();
}
/**
* Returns the names of the children of this preference node. (The
* returned array will be of size zero if this node has no children.)
* This method need not return the names of any nodes already cached,
* but may do so without harm.
*
* <p>This method is invoked with the lock on this node held.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #childrenNames()}
* invocation.
*
* @return an array containing the names of the children of this
* preference node.
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected String[] childrenNamesSpi() throws BackingStoreException {
return new String[0];
}
/**
* Put the given key-value association into this preference node. It is
* guaranteed that <tt>key</tt> and <tt>value</tt> are non-null and of
* legal length. Also, it is guaranteed that this node has not been
* removed. (The implementor needn't check for any of these things.)
*
* <p>This method is invoked with the lock on this node held.
*/
protected void putSpi(String key, String value) {
System.out.println("putting in("+key+","+value+")");
this.map.put(key, value);
}
/**
* Returns all of the keys that have an associated value in this
* preference node. (The returned array will be of size zero if
* this node has no preferences.) It is guaranteed that this node has not
* been removed.
*
* <p>This method is invoked with the lock on this node held.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #keys()} invocation.
*
* @return an array of the keys that have an associated value in this
* preference node.
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected String[] keysSpi() throws BackingStoreException {
return (String[]) this.map.keySet().toArray(new String[this.map.keySet().size()]);
}
/**
* Returns the named child of this preference node, creating it if it does
* not already exist. It is guaranteed that <tt>name</tt> is non-null,
* non-empty, does not contain the slash character ('/'), and is no longer
* than {@link #MAX_NAME_LENGTH} characters. Also, it is guaranteed that
* this node has not been removed. (The implementor needn't check for any
* of these things.)
*
* <p>Finally, it is guaranteed that the named node has not been returned
* by a previous invocation of this method or {@link #getChild(String)}
* after the last time that it was removed. In other words, a cached
* value will always be used in preference to invoking this method.
* Subclasses need not maintain their own cache of previously returned
* children.
*
* <p>The implementer must ensure that the returned node has not been
* removed. If a like-named child of this node was previously removed, the
* implementer must return a newly constructed <tt>AbstractPreferences</tt>
* node; once removed, an <tt>AbstractPreferences</tt> node
* cannot be "resuscitated."
*
* <p>If this method causes a node to be created, this node is not
* guaranteed to be persistent until the <tt>flush</tt> method is
* invoked on this node or one of its ancestors (or descendants).
*
* <p>This method is invoked with the lock on this node held.
*
* @param name The name of the child node to return, relative to
* this preference node.
* @return The named child node.
*/
protected AbstractPreferences childSpi(String name) {
throw new UnsupportedOperationException();
}
/**
* Return the value associated with the specified key at this preference
* node, or <tt>null</tt> if there is no association for this key, or the
* association cannot be determined at this time. It is guaranteed that
* <tt>key</tt> is non-null. Also, it is guaranteed that this node has
* not been removed. (The implementor needn't check for either of these
* things.)
*
* <p> Generally speaking, this method should not throw an exception
* under any circumstances. If, however, if it does throw an exception,
* the exception will be intercepted and treated as a <tt>null</tt>
* return value.
*
* <p>This method is invoked with the lock on this node held.
*
* @return the value associated with the specified key at this preference
* node, or <tt>null</tt> if there is no association for this
* key, or the association cannot be determined at this time.
*/
protected String getSpi(String key) {
return (String) this.map.get(key);
}
/**
* This method is invoked with this node locked. The contract of this
* method is to synchronize any cached preferences stored at this node
* with any stored in the backing store. (It is perfectly possible that
* this node does not exist on the backing store, either because it has
* been deleted by another VM, or because it has not yet been created.)
* Note that this method should <i>not</i> synchronize the preferences in
* any subnodes of this node. If the backing store naturally syncs an
* entire subtree at once, the implementer is encouraged to override
* sync(), rather than merely overriding this method.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #sync()} invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void syncSpi() throws BackingStoreException {
// throw new UnsupportedOperationException();
}
/**
* This method is invoked with this node locked. The contract of this
* method is to force any cached changes in the contents of this
* preference node to the backing store, guaranteeing their persistence.
* (It is perfectly possible that this node does not exist on the backing
* store, either because it has been deleted by another VM, or because it
* has not yet been created.) Note that this method should <i>not</i>
* flush the preferences in any subnodes of this node. If the backing
* store naturally flushes an entire subtree at once, the implementer is
* encouraged to override flush(), rather than merely overriding this
* method.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #flush()} invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void flushSpi() throws BackingStoreException {
// throw new UnsupportedOperationException();
}
}
}
--------------- END SOURCE -----------------
(Review ID: 160372)
======================================================================
###@###.### 11/3/04 20:35 GMT
FULL PRODUCT VERSION :
C:\>java -version
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)
FULL OPERATING SYSTEM VERSION :
Microsoft Windows 2000 [Version 5.00.2195]
A DESCRIPTION OF THE PROBLEM :
AbstractPreferences.isUserNode() relies on the Preferences
being accessed being owned by the current Thread. This is
poor behavior because in a server environment, an
Administrator could be manipulating a normal user's
preferences. The current user (the Admin) in this case will
be different than the Preference's root (the normal user's
root). Therefore, the user's Preference will be regarded as
the system Preferences incorrectly.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. create a Preference 'A'
2. have PreferenceFactory.userRoot() return Preference 'B'
3. have PreferenceFactory.systemRoot() return Preference 'C'
4. Preference 'A'.isUserNode() returns false.
5. have PreferenceFactory.userRoot() return Preference 'A'
6. Preference 'A'.isUserNode() returns true.
7. have PreferenceFactory.userRoot() return Preference 'B'
8. 'A'.exportSubtree() - because 'A' thinks that it is the
systemRoot() a subsequent import of 'A' will result in the
Preferences 'C' being changed by the data in 'A'
EXPECTED VERSUS ACTUAL BEHAVIOR :
Documentation for isUserNode() says "Returns true if this
preference node is in the user preference tree, false if
it's in the system preference tree. " This implies constant
behavior.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE -------------
/*
* TestPreferences.java
*
* Created on August 9, 2002, 2:14 PM
*/
import java.util.prefs.*;
import java.util.*;
import java.io.*;
/**
*
* @author pmoore
* @version
*/
public class TestPreferences implements PreferencesFactory {
// this represents the currrent user on the thread.
private int userIndexIs = 0;
private Preferences users[] = new Preferences [2];
private Preferences sys;
public Preferences userRoot() {
return users[userIndexIs];
}
public Preferences systemRoot() {
// new Exception("accessing systemroot() from here").printStackTrace();
return sys;
}
// access method that allows people to edit and save Preferences that they are
// authorized to that are not their own. For example a manager editting his
// employees Preferences.
public Preferences getUserPrefs(int userId) {
return users[userIndexIs];
}
// utility method to allow a user to set an arbitrary value on a Preference that
// they are allowed to see and modify.
public void setPragmaPrefVal(Preferences p, String key, String value) {
p.put(key, value);
}
/** Creates new TestPreferences */
public TestPreferences() {
sys = new FakePreferences("");
users[0] = new FakePreferences("");
users[1] = new FakePreferences("");
sys.put("i am", "system");
sys.put("enable security", "true");
sys.put("rootusers","noone");
users[0].put("i am", "evil user");
users[1].put("i am", "innocent");
}
public void runtest() throws Exception{
// evil user is the current user
System.out.println("running test...");
Preferences someoneElse = this.getUserPrefs(1);
System.out.println("someoneElse.isUserNode()="+someoneElse.isUserNode());
setPragmaPrefVal(someoneElse, "enable security", "true");
setPragmaPrefVal(someoneElse, "rootusers", "evil user");
System.out.println("saving");
FileOutputStream os = new FileOutputStream("c:\\temp\\test.xml");
someoneElse.exportSubtree(os);
os.close();
System.out.println("restoring");
FileInputStream is = new FileInputStream("c:\\temp\\test.xml");
Preferences.importPreferences(is);
is.close();
String rootusers = Preferences.systemRoot().get("rootusers", "???");
System.out.println("\n\n\nevil chuckle!\n\n");
System.out.println("rootusers="+rootusers);
}
/**
* @param args the command line arguments
*/
public static void main (String args[]) {
try {
System.setProperty("java.util.prefs.PreferencesFactory", TestPreferences.class.getName());
new TestPreferences().runtest();
}catch (Exception e) {
e.printStackTrace();
}
}
private class FakePreferences extends AbstractPreferences {
FakePreferences(String name) {
super(null, name);
}
private HashMap map = new HashMap();
/**
* Remove the association (if any) for the specified key at this
* preference node. It is guaranteed that <tt>key</tt> is non-null.
* Also, it is guaranteed that this node has not been removed.
* (The implementor needn't check for either of these things.)
*
* <p>This method is invoked with the lock on this node held.
*/
protected void removeSpi(String key) {
throw new UnsupportedOperationException();
}
/**
* Removes this preference node, invalidating it and any preferences that
* it contains. The named child will have no descendants at the time this
* invocation is made (i.e., the {@link Preferences#removeNode()} method
* invokes this method repeatedly in a bottom-up fashion, removing each of
* a node's descendants before removing the node itself).
*
* <p>This method is invoked with the lock held on this node and its
* parent (and all ancestors that are being removed as a
* result of a single invocation to {@link Preferences#removeNode()}).
*
* <p>The removal of a node needn't become persistent until the
* <tt>flush</tt> method is invoked on this node (or an ancestor).
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #removeNode()}
* invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void removeNodeSpi() throws BackingStoreException {
throw new UnsupportedOperationException();
}
/**
* Returns the names of the children of this preference node. (The
* returned array will be of size zero if this node has no children.)
* This method need not return the names of any nodes already cached,
* but may do so without harm.
*
* <p>This method is invoked with the lock on this node held.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #childrenNames()}
* invocation.
*
* @return an array containing the names of the children of this
* preference node.
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected String[] childrenNamesSpi() throws BackingStoreException {
return new String[0];
}
/**
* Put the given key-value association into this preference node. It is
* guaranteed that <tt>key</tt> and <tt>value</tt> are non-null and of
* legal length. Also, it is guaranteed that this node has not been
* removed. (The implementor needn't check for any of these things.)
*
* <p>This method is invoked with the lock on this node held.
*/
protected void putSpi(String key, String value) {
System.out.println("putting in("+key+","+value+")");
this.map.put(key, value);
}
/**
* Returns all of the keys that have an associated value in this
* preference node. (The returned array will be of size zero if
* this node has no preferences.) It is guaranteed that this node has not
* been removed.
*
* <p>This method is invoked with the lock on this node held.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #keys()} invocation.
*
* @return an array of the keys that have an associated value in this
* preference node.
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected String[] keysSpi() throws BackingStoreException {
return (String[]) this.map.keySet().toArray(new String[this.map.keySet().size()]);
}
/**
* Returns the named child of this preference node, creating it if it does
* not already exist. It is guaranteed that <tt>name</tt> is non-null,
* non-empty, does not contain the slash character ('/'), and is no longer
* than {@link #MAX_NAME_LENGTH} characters. Also, it is guaranteed that
* this node has not been removed. (The implementor needn't check for any
* of these things.)
*
* <p>Finally, it is guaranteed that the named node has not been returned
* by a previous invocation of this method or {@link #getChild(String)}
* after the last time that it was removed. In other words, a cached
* value will always be used in preference to invoking this method.
* Subclasses need not maintain their own cache of previously returned
* children.
*
* <p>The implementer must ensure that the returned node has not been
* removed. If a like-named child of this node was previously removed, the
* implementer must return a newly constructed <tt>AbstractPreferences</tt>
* node; once removed, an <tt>AbstractPreferences</tt> node
* cannot be "resuscitated."
*
* <p>If this method causes a node to be created, this node is not
* guaranteed to be persistent until the <tt>flush</tt> method is
* invoked on this node or one of its ancestors (or descendants).
*
* <p>This method is invoked with the lock on this node held.
*
* @param name The name of the child node to return, relative to
* this preference node.
* @return The named child node.
*/
protected AbstractPreferences childSpi(String name) {
throw new UnsupportedOperationException();
}
/**
* Return the value associated with the specified key at this preference
* node, or <tt>null</tt> if there is no association for this key, or the
* association cannot be determined at this time. It is guaranteed that
* <tt>key</tt> is non-null. Also, it is guaranteed that this node has
* not been removed. (The implementor needn't check for either of these
* things.)
*
* <p> Generally speaking, this method should not throw an exception
* under any circumstances. If, however, if it does throw an exception,
* the exception will be intercepted and treated as a <tt>null</tt>
* return value.
*
* <p>This method is invoked with the lock on this node held.
*
* @return the value associated with the specified key at this preference
* node, or <tt>null</tt> if there is no association for this
* key, or the association cannot be determined at this time.
*/
protected String getSpi(String key) {
return (String) this.map.get(key);
}
/**
* This method is invoked with this node locked. The contract of this
* method is to synchronize any cached preferences stored at this node
* with any stored in the backing store. (It is perfectly possible that
* this node does not exist on the backing store, either because it has
* been deleted by another VM, or because it has not yet been created.)
* Note that this method should <i>not</i> synchronize the preferences in
* any subnodes of this node. If the backing store naturally syncs an
* entire subtree at once, the implementer is encouraged to override
* sync(), rather than merely overriding this method.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #sync()} invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void syncSpi() throws BackingStoreException {
// throw new UnsupportedOperationException();
}
/**
* This method is invoked with this node locked. The contract of this
* method is to force any cached changes in the contents of this
* preference node to the backing store, guaranteeing their persistence.
* (It is perfectly possible that this node does not exist on the backing
* store, either because it has been deleted by another VM, or because it
* has not yet been created.) Note that this method should <i>not</i>
* flush the preferences in any subnodes of this node. If the backing
* store naturally flushes an entire subtree at once, the implementer is
* encouraged to override flush(), rather than merely overriding this
* method.
*
* <p>If this node throws a <tt>BackingStoreException</tt>, the exception
* will propagate out beyond the enclosing {@link #flush()} invocation.
*
* @throws BackingStoreException if this operation cannot be completed
* due to a failure in the backing store, or inability to
* communicate with it.
*/
protected void flushSpi() throws BackingStoreException {
// throw new UnsupportedOperationException();
}
}
}
--------------- END SOURCE -----------------
(Review ID: 160372)
======================================================================
###@###.### 11/3/04 20:35 GMT