Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8033924

Default permissions are not given for eval code

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 9
    • 9
    • core-libs
    • None
    • b04
    • generic
    • generic

        When javax.script API is used to evaluate a (string) script, the script does not get the default permissions given to any code. The same is true when "jjs" is run in interactive mode under security manager.

        {code}

        import javax.script.*;

        public class Main {
          public static void main(String[] ar) throws ScriptException {
             ScriptEngineManager m = new ScriptEngineManager();
             ScriptEngine e = m.getEngineByName("nashorn");
             System.out.println(e.eval("java.lang.System.getProperty('java.version')"));
          }
        }

        {code}

        results in security exception (it should not). Another example:

        jjs -J-Djava.security.manager
        jjs> java.lang.System.getProperty("java.version")
        java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")

              sundar Sundararajan Athijegannathan
              sundar Sundararajan Athijegannathan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: