-
Type:
Bug
-
Resolution: Not an Issue
-
Priority:
P2
-
None
-
Affects Version/s: 6
-
Component/s: security-libs
-
None
-
generic
-
generic
#java -version
java version "1.6.0-rc"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.6.0-rc-b71)
Java HotSpot(TM) Client VM (build 1.6.0-rc-b71, mixed mode)
#cat > Test.java
public class Test{
public static void main(String[] args){
System.out.println(Test.class.getResource("/META-INF/services/java.sql.Driver"));
//Or any resource from resources.jar
}
}
#cat|sed -e s\!current_dir\!`pwd`\! > test.policy
grant codeBase "file:current_dir" {
};
#java -classpath . -Djava.security.manager -Djava.security.policy=test.policy -Djava.security.debug="access" Test
access: access allowed (java.io.FilePermission /export/Development/security-regression/res-bug read)
access: access denied (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/resources.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/rt.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/sunrsasign.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/jsse.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/jce.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/charsets.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/classes read)
null
Note that access denied to resources.jar
It is known that at least some of resources are acessed outside of priveleged blocks.
java version "1.6.0-rc"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.6.0-rc-b71)
Java HotSpot(TM) Client VM (build 1.6.0-rc-b71, mixed mode)
#cat > Test.java
public class Test{
public static void main(String[] args){
System.out.println(Test.class.getResource("/META-INF/services/java.sql.Driver"));
//Or any resource from resources.jar
}
}
#cat|sed -e s\!current_dir\!`pwd`\! > test.policy
grant codeBase "file:current_dir" {
};
#java -classpath . -Djava.security.manager -Djava.security.policy=test.policy -Djava.security.debug="access" Test
access: access allowed (java.io.FilePermission /export/Development/security-regression/res-bug read)
access: access denied (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/resources.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/rt.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/sunrsasign.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/jsse.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/jce.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/lib/charsets.jar read)
access: access allowed (java.net.NetPermission specifyStreamHandler)
access: access allowed (java.io.FilePermission /net/archer/export5/re/jdk/6.0/promoted/rc/b71/binaries/linux-i586/jre/classes read)
null
Note that access denied to resources.jar
It is known that at least some of resources are acessed outside of priveleged blocks.
- relates to
-
-
- Closed
-
-
JDK-6320938 RFE: Move all the non-class files out of rt.jar
-
- Resolved
-