JDK-6393070

Console shows passwd entered in invisible mode on killing the java process by kill PID

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: P3
    • None
    • 6
    • core-libs
    • generic
    • generic

      If a java process that is waiting to receive a password through the I/O call Console.readPassword() is killed, the characters entered in echo-off mode are printed.
      This behaviour is specific to Linux.
      In Solaris and Windows, bug 6363043 still exists (please see the Result) if the shell in which the java process is running is killed.

      It seems to be a security issue, as it prints the password which was entered in echo-off mode.

      <test-case>
      bash-3.00$ cat TestConsole.java
      import java.io.*;
      class TestConsole {
          public static void main(String... args) throws Exception {
              Console con = System.console();
              if (con != null)
                  con.printf(new String(con.readPassword("%s", "Password:")));

          }
      }

      </test-case>

      Steps to reproduce:
      1) Execute the test case on Solaris/Linux/Windows.
      2) When it prompts for the password, type some characters ("abcdef") and don't press the Enter key.
      3) Open another terminal and kill the java process which is executing TestConsole.
      4) Now we can see that the characters "abcdef", which were entered in echo-off mode, are printed on the command line.

      Instead of killing the java process, if the shell (bsh/ksh/csh) in which the java process is running is killed, echo will be off in Solaris. In Windows, if we kill the java process by kill -9 PID, the echo will be off (to reproduce this, we should run java in a shell).

      <Result in Linux>
      [rg157576@jlab203 ~/Rajendra]$ $jdk/java -version
      java version "1.6.0-auto"
      Java(TM) SE Runtime Environment (build 1.6.0-auto-059)
      Java HotSpot(TM) Client VM (build 1.6.0-beta2-b74, mixed mode)

      [rg157576@jlab203 ~/Rajendra]$ $jdk/java TestConsole
      Password:Killed (Type characters and not enter key)
      [rg157576@jlab203 ~/Rajendra]$ RajendraVittal

      <output in Other window>
      [rg157576@jlab203 ~]$ ps -al | grep java
      0 S 158576 2560 1275 0 81 0 - 45980 schedu pts/0 00:00:00 java
      [rg157576@jlab203 ~]$ kill -9 2560
      </output in Other window>

      </Result in Linux>

      <Result-Solaris>

      <First-Window>
      client24:/home/rg157576/Rajendra 129 % bash
      bash-3.00$ /net/sqindia/export/disk14/coresqe/releases/mustang/PIT75/solaris/bin/java -version
      java version "1.6.0-auto"
      Java(TM) SE Runtime Environment (build 1.6.0-auto-059)
      Java HotSpot(TM) Client VM (build 1.6.0-beta2-b73, mixed mode)
      bash-3.00$ /net/sqindia/export/disk14/coresqe/releases/mustang/PIT75/solaris/bin/java TestConsole
      Password:Killed
      client24:/home/rg157576/Rajendra 130 % Exception in thread "main" java.io.IOError: java.io.IOException: I/O error
      RajendraVittal: Command not found
      client24:/home/rg157576/Rajendra 131 % at java.io.Console.readPassword(Console.java:300)
              at TestConsole.main(TestConsole.java:6)
      Caused by: java.io.IOException: I/O error
              at java.io.FileInputStream.readBytes(Native Method)
              at java.io.FileInputStream.read(FileInputStream.java:199)
              at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
              at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
              at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
              at java.io.Console$LineReader.read(Console.java:408)
              at java.io.Console.readline(Console.java:347)
              at java.io.Console.readPassword(Console.java:298)
              ... 1 more
      client24:/home/rg157576/Rajendra 131 %
      (Now, if characters are typed, they won't be displayed on the console)
      </First-Window>

      <Second-Window>
      bash-3.00$ ps -al | grep bash
       0 S 158576 806 798 0 50 20 ? 372 ? pts/4 0:00 bash
       0 R 158576 2001 1747 0 70 20 ? 373 pts/5 0:00 bash
       0 S 158576 1533 1525 0 50 20 ? 374 ? pts/7 0:00 bash
       0 S 158576 1465 1417 0 40 20 ? 371 ? pts/6 0:00 bash
       0 S 158576 1627 1617 0 50 20 ? 373 ? pts/8 0:00 bash
       0 S 158576 2007 1923 0 50 20 ? 373 ? pts/9 0:00 bash
      bash-3.00$ kill -9 2007
      bash-3.00$
      </Second-Window>
      </Result-Solaris>

      <Result-Windows>
      <Telnet To Windows Machine>
      (Press Ctrl+c after typing password)
      bash-3.00$ telnet J2DEmperor.india.sun.com
      Trying 129.158.229.177...
      Connected to J2DEmperor.india.sun.com.
      Escape character is '^]'.
      Welcome to MKS Telnet Server Version 4.62.0000.
      login: sqe
      password:
      $ pwd
      C:/Documents and Settings/sqe
      $ cd ..
      $ cd ..
      $ cd work
      $ java -version
      java version "1.6.0-auto"
      Java(TM) SE Runtime Environment (build 1.6.0-auto-059)
      Java HotSpot(TM) Client VM (build 1.6.0-beta2-b74, mixed mode)
      $ java TestConsole
      Password:2006-03-02 21:18:13
      Full thread dump Java HotSpot(TM) Client VM (1.6.0-beta2-b74 mixed mode):

      "Low Memory Detector" daemon prio=6 tid=0x0a8dac00 nid=0x5d0 runnable [0x00000000..0x00000000]
         java.lang.Thread.State: RUNNABLE

      "CompilerThread0" daemon prio=10 tid=0x0a8d9000 nid=0x7d8 waiting on condition [0x00000000..0x0aabf960]
         java.lang.Thread.State: RUNNABLE

      "Attach Listener" daemon prio=10 tid=0x0a8d7c00 nid=0xa88 runnable [0x00000000..0x00000000]
         java.lang.Thread.State: RUNNABLE

      "Signal Dispatcher" daemon prio=10 tid=0x0a8d6c00 nid=0x218 waiting on condition [0x00000000..0x00000000]
         java.lang.Thread.State: RUNNABLE

      "Finalizer" daemon prio=8 tid=0x0a8c8c00 nid=0xb20 in Object.wait() [0x0a9cf000..0x0a9cfc94]
         java.lang.Thread.State: WAITING (on object monitor)
              at java.lang.Object.wait(Native Method)
              - waiting on <0x02740b50> (a java.lang.ref.ReferenceQueue$Lock)
              at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:116)
              - locked <0x02740b50> (a java.lang.ref.ReferenceQueue$Lock)
              at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:132)
              at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:159)

      "Reference Handler" daemon prio=10 tid=0x0a8c4400 nid=0x91c in Object.wait() [0x0a97f000..0x0a97fd14]
         java.lang.Thread.State: WAITING (on object monitor)
              at java.lang.Object.wait(Native Method)
              - waiting on <0x02740a50> (a java.lang.ref.Reference$Lock)
              at java.lang.Object.wait(Object.java:484)
              at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:116)
              - locked <0x02740a50> (a java.lang.ref.Reference$Lock)

      "main" prio=6 tid=0x002a6000 nid=0xe8 runnable [0x0068f000..0x0068fe50]
         java.lang.Thread.State: RUNNABLE
              at java.io.FileInputStream.readBytes(Native Method)
              at java.io.FileInputStream.read(FileInputStream.java:199)
              at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
              at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
              at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
              - locked <0x0276c370> (a java.lang.Object)
              at java.io.Console$LineReader.read(Console.java:408)
              - locked <0x0276c370> (a java.lang.Object)
              at java.io.Console.readline(Console.java:347)
              at java.io.Console.readPassword(Console.java:298)
              - locked <0x0276c370> (a java.lang.Object)
              - locked <0x0276c378> (a java.lang.Object)
              at TestConsole.main(TestConsole.java:6)

      "VM Thread" prio=10 tid=0x0a8c1000 nid=0xd10 runnable

      "VM Periodic Task Thread" prio=10 tid=0x0a8dc400 nid=0x438 waiting on condition

      JNI global references: 563

      Heap
       def new generation total 960K, used 204K [0x02740000, 0x02840000, 0x02c20000)
        eden space 896K, 22% used [0x02740000, 0x02773190, 0x02820000)
        from space 64K, 0% used [0x02820000, 0x02820000, 0x02830000)
        to space 64K, 0% used [0x02830000, 0x02830000, 0x02840000)
       tenured generation total 4096K, used 0K [0x02c20000, 0x03020000, 0x06740000)
         the space 4096K, 0% used [0x02c20000, 0x02c20000, 0x02c20200, 0x03020000)
       compacting perm gen total 12288K, used 1883K [0x06740000, 0x07340000, 0x0a740000)
         the space 12288K, 15% used [0x06740000, 0x06916ec0, 0x06917000, 0x07340000)
      No shared spaces configured.


      RajendraVittal
      </Telnet To Windows Machine>

      <Windows-Xp machine>

      <First-Window>
      $ java -version
      java version "1.6.0-auto"
      Java(TM) SE Runtime Environment (build 1.6.0-auto-059)
      Java HotSpot(TM) Client VM (build 1.6.0-beta2-b74, mixed mode)
      $ java TestConsole
      Password:[1] + Done(137) java TestConsole
        1716 Killed java
      $

      (Now, if we type, nothing will be displayed on the console)
      </First-Window>

      <Second-Window>
      C:\Documents and Settings\sqe>ps -al |grep java
                sqe 1716 3708 8 187224 6760 21:26:54 0:00 java TestConsole

      C:\Documents and Settings\sqe>kill -9 1716

      C:\Documents and Settings\sqe>bash-3.00$

      </Second-Window>

      </Windows-Xp machine>

      </Result-Windows>
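
A defensive wrapper for the scenario reported above, as an added example that is not part of the original report or of the JDK: it saves the terminal modes, runs the password-prompting command, and once that command ends (including by kill -9) discards typed-but-unread characters and restores echo. The names run_with_tty_guard and tty_cleanup are hypothetical, and the wrapper does not cover the case where the shell itself is killed.

```shell
#!/bin/sh
# Added example, not code from the bug report or the JDK.
# run_with_tty_guard and tty_cleanup are hypothetical names.

# Discard typed-but-unread characters on stdin, then restore the saved modes.
# $1 is the mode string captured earlier with `stty -g`.
tty_cleanup() {
    # Non-canonical mode with MIN=0 TIME=0 makes read() return at once, so
    # cat consumes whatever is still queued and then sees end-of-file.
    stty -icanon -echo min 0 time 0 && cat >/dev/null
    # Put back the modes that were active before the command ran (echo included).
    stty "$1"
}

# Run "$@" and clean up the terminal afterwards, whatever way the command ended.
run_with_tty_guard() {
    if ! [ -t 0 ]; then
        # No terminal on stdin: nothing to protect, just run the command.
        "$@"
        return
    fi
    guard_saved=$(stty -g) || return
    # Keep this shell alive through Ctrl+C or hangup so the cleanup still runs;
    # the child gets the signal with its default disposition.
    trap : INT TERM HUP
    guard_rc=0
    "$@" || guard_rc=$?
    tty_cleanup "$guard_saved"
    trap - INT TERM HUP
    # 137 (128 + 9) means the command was killed with SIGKILL.
    return "$guard_rc"
}

# Stand-alone use (file name is an assumption): ./ttyguard.sh java TestConsole
if [ "$#" -gt 0 ]; then
    run_with_tty_guard "$@"
fi
```

A SIGKILL cannot be caught by the java process, so the cleanup has to run in a surviving parent such as this wrapper.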

            sherman Xueming Shen
            rgutupalsunw Rajendra Gutupalli (Inactive)