-
Bug
-
Resolution: Fixed
-
P3
-
8u102
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8183865 | 8u161 | Poonam Bajaj Parhar | P3 | Resolved | Fixed | b01 |
| JDK-8192679 | emb-8u161 | Poonam Bajaj Parhar | P3 | Resolved | Fixed | b01 |
FULL PRODUCT VERSION :
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.14393]
EXTRA RELEVANT SYSTEM CONFIGURATION :
RES ONE Workspace
A DESCRIPTION OF THE PROBLEM :
When our application is started on a Windows computer where the system administrator has used RES ONE Workspace to revoke rights to create folders in C:\ProgramData and to run the Windows ICACLS.EXE command line tool users receive a security warning that running ICACLS.EXE is prohibited.
Investigating with Process Monitor (*) shows that the JRE attempts to create the folder C:\ProgramData\Oracle\Java\.oracle_jre_usage. That fails because the rights have been revoked, but the JRE attempts to launch ICACLS.EXE to anyway.
* https://technet.microsoft.com/en-us/sysinternals/processmonitor
REGRESSION. Last worked in version 8u92
ADDITIONAL REGRESSION INFORMATION:
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
In an elevated command prompt, remove user rights over C:\ProgramData and start Process Monitor:
C:\>icacls ProgramData /remove builtin\users
processed file: ProgramData
Successfully processed 1 files; Failed processing 0 files
C:\>procmon
In another, non-admin, non-elevated command prompt:
C:\>java -version
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would expect the Process Monitor output to contain a single failed attempt to create C:\ProgramData\Oracle, no other attempts to create folders below that, and especially no attempts to use ICACLS.EXE to manipulate folders and files that could not be created in the first place.
ACTUAL -
After a failed attempt to create C:\ProgramData\Oracle, attempts follow to create folders C:\ProgramData\Oracle\Java, C:\ProgramData\Oracle\Java\.oracle_jre_usage. After that ICACLS is run specifying the non-existing C:\ProgramData\Oracle\Java\.oracle_jre_usage as a parameter. Also an attempt is made to create C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp.
On systems managed with RES ONE Workspace the end user sees an alarming security warning about ICACLS.EXE.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
10:26:57.8336204 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8336898 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8337512 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8338272 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8338790 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8339037 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8339253 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8339950 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8340772 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8341406 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8341748 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8342078 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8342314 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8342524 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8343201 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8343927 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8344936 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8345465 java.exe 7764 CreateFile C:\ProgramData\Oracle ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8345884 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8346123 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8346330 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8346982 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8348438 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8349718 java.exe 7764 CreateFile C:\ProgramData SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8349957 java.exe 7764 QueryNetworkOpenInformationFile C:\ProgramData SUCCESS CreationTime: 16/07/2016 12:47:48, LastAccessTime: 03/11/2016 10:24:44, LastWriteTime: 03/11/2016 10:24:44, ChangeTime: 03/11/2016 10:24:44, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: HD
10:26:57.8350073 java.exe 7764 CloseFile C:\ProgramData SUCCESS
10:26:57.8351089 java.exe 7764 CreateFile C:\ProgramData SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8351316 java.exe 7764 QueryNetworkOpenInformationFile C:\ProgramData SUCCESS CreationTime: 16/07/2016 12:47:48, LastAccessTime: 03/11/2016 10:24:44, LastWriteTime: 03/11/2016 10:24:44, ChangeTime: 03/11/2016 10:24:44, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: HD
10:26:57.8351427 java.exe 7764 CloseFile C:\ProgramData SUCCESS
10:26:57.8352050 java.exe 7764 CreateFile C:\ProgramData\Oracle ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8353006 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8353669 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8360427 java.exe 7764 CreateFile C:\prog\jdk1.8.0_112\bin\icacls.exe REPARSE Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: <unknown>
10:26:57.8361391 java.exe 7764 CreateFile C:\prog\jdk1.8.0_112\bin\icacls.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8362390 java.exe 7764 CreateFile C:\icacls.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8363451 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8363809 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8363932 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8364978 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8365257 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8365371 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8366264 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8368431 java.exe 7764 CreateFileMapping C:\Windows\System32\icacls.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
10:26:57.8369077 java.exe 7764 CreateFileMapping C:\Windows\System32\icacls.exe SUCCESS SyncType: SyncTypeOther
10:26:57.8369646 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Label
10:26:57.8369930 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Owner, Group, DACL, SACL, Label, Process Trust Label
10:26:57.8370041 java.exe 7764 QueryNameInformationFile C:\Windows\System32\icacls.exe SUCCESS Name: \Windows\System32\icacls.exe
10:26:57.8371651 java.exe 7764 Process Create C:\WINDOWS\SYSTEM32\icacls.exe SUCCESS PID: 1808, Command line: icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
10:26:57.8374860 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Owner, Group, DACL, SACL, Label, Process Trust Label
10:26:57.8375528 java.exe 7764 CreateFile C:\Windows\AppPatch\sysmain.sdb SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
10:26:57.8376177 java.exe 7764 QueryBasicInformationFile C:\Windows\AppPatch\sysmain.sdb SUCCESS CreationTime: 30/09/2016 11:29:43, LastAccessTime: 30/09/2016 11:29:43, LastWriteTime: 15/09/2016 16:08:54, ChangeTime: 03/10/2016 20:21:19, FileAttributes: A
10:26:57.8376299 java.exe 7764 CloseFile C:\Windows\AppPatch\sysmain.sdb SUCCESS
10:26:57.8377090 java.exe 7764 CreateFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
10:26:57.8377659 java.exe 7764 QueryBasicInformationFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS CreationTime: 30/09/2016 11:28:33, LastAccessTime: 30/09/2016 11:28:33, LastWriteTime: 15/09/2016 16:02:34, ChangeTime: 03/10/2016 20:21:19, FileAttributes: A
10:26:57.8377775 java.exe 7764 CloseFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS
10:26:57.8378068 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8386380 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8389093 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Generic Read/Write, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8390026 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.14393]
EXTRA RELEVANT SYSTEM CONFIGURATION :
RES ONE Workspace
A DESCRIPTION OF THE PROBLEM :
When our application is started on a Windows computer where the system administrator has used RES ONE Workspace to revoke rights to create folders in C:\ProgramData and to run the Windows ICACLS.EXE command line tool users receive a security warning that running ICACLS.EXE is prohibited.
Investigating with Process Monitor (*) shows that the JRE attempts to create the folder C:\ProgramData\Oracle\Java\.oracle_jre_usage. That fails because the rights have been revoked, but the JRE attempts to launch ICACLS.EXE to anyway.
* https://technet.microsoft.com/en-us/sysinternals/processmonitor
REGRESSION. Last worked in version 8u92
ADDITIONAL REGRESSION INFORMATION:
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
In an elevated command prompt, remove user rights over C:\ProgramData and start Process Monitor:
C:\>icacls ProgramData /remove builtin\users
processed file: ProgramData
Successfully processed 1 files; Failed processing 0 files
C:\>procmon
In another, non-admin, non-elevated command prompt:
C:\>java -version
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would expect the Process Monitor output to contain a single failed attempt to create C:\ProgramData\Oracle, no other attempts to create folders below that, and especially no attempts to use ICACLS.EXE to manipulate folders and files that could not be created in the first place.
ACTUAL -
After a failed attempt to create C:\ProgramData\Oracle, attempts follow to create folders C:\ProgramData\Oracle\Java, C:\ProgramData\Oracle\Java\.oracle_jre_usage. After that ICACLS is run specifying the non-existing C:\ProgramData\Oracle\Java\.oracle_jre_usage as a parameter. Also an attempt is made to create C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp.
On systems managed with RES ONE Workspace the end user sees an alarming security warning about ICACLS.EXE.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
10:26:57.8336204 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8336898 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8337512 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8338272 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8338790 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8339037 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8339253 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8339950 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8340772 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8341406 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8341748 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8342078 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8342314 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8342524 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8343201 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8343927 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8344936 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8345465 java.exe 7764 CreateFile C:\ProgramData\Oracle ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8345884 java.exe 7764 CreateFile C:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8346123 java.exe 7764 QueryDirectory C:\ProgramData SUCCESS Filter: ProgramData, 1: ProgramData
10:26:57.8346330 java.exe 7764 CloseFile C:\ SUCCESS
10:26:57.8346982 java.exe 7764 CreateFile C:\ProgramData ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8348438 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8349718 java.exe 7764 CreateFile C:\ProgramData SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8349957 java.exe 7764 QueryNetworkOpenInformationFile C:\ProgramData SUCCESS CreationTime: 16/07/2016 12:47:48, LastAccessTime: 03/11/2016 10:24:44, LastWriteTime: 03/11/2016 10:24:44, ChangeTime: 03/11/2016 10:24:44, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: HD
10:26:57.8350073 java.exe 7764 CloseFile C:\ProgramData SUCCESS
10:26:57.8351089 java.exe 7764 CreateFile C:\ProgramData SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8351316 java.exe 7764 QueryNetworkOpenInformationFile C:\ProgramData SUCCESS CreationTime: 16/07/2016 12:47:48, LastAccessTime: 03/11/2016 10:24:44, LastWriteTime: 03/11/2016 10:24:44, ChangeTime: 03/11/2016 10:24:44, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: HD
10:26:57.8351427 java.exe 7764 CloseFile C:\ProgramData SUCCESS
10:26:57.8352050 java.exe 7764 CreateFile C:\ProgramData\Oracle ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8353006 java.exe 7764 CreateFile C:\ProgramData\Oracle NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8353669 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8360427 java.exe 7764 CreateFile C:\prog\jdk1.8.0_112\bin\icacls.exe REPARSE Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: <unknown>
10:26:57.8361391 java.exe 7764 CreateFile C:\prog\jdk1.8.0_112\bin\icacls.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8362390 java.exe 7764 CreateFile C:\icacls.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
10:26:57.8363451 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8363809 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8363932 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8364978 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8365257 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8365371 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8366264 java.exe 7764 CreateFile C:\Windows\System32\icacls.exe SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:26:57.8368431 java.exe 7764 CreateFileMapping C:\Windows\System32\icacls.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
10:26:57.8369077 java.exe 7764 CreateFileMapping C:\Windows\System32\icacls.exe SUCCESS SyncType: SyncTypeOther
10:26:57.8369646 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Label
10:26:57.8369930 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Owner, Group, DACL, SACL, Label, Process Trust Label
10:26:57.8370041 java.exe 7764 QueryNameInformationFile C:\Windows\System32\icacls.exe SUCCESS Name: \Windows\System32\icacls.exe
10:26:57.8371651 java.exe 7764 Process Create C:\WINDOWS\SYSTEM32\icacls.exe SUCCESS PID: 1808, Command line: icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
10:26:57.8374860 java.exe 7764 QuerySecurityFile C:\Windows\System32\icacls.exe SUCCESS Information: Owner, Group, DACL, SACL, Label, Process Trust Label
10:26:57.8375528 java.exe 7764 CreateFile C:\Windows\AppPatch\sysmain.sdb SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
10:26:57.8376177 java.exe 7764 QueryBasicInformationFile C:\Windows\AppPatch\sysmain.sdb SUCCESS CreationTime: 30/09/2016 11:29:43, LastAccessTime: 30/09/2016 11:29:43, LastWriteTime: 15/09/2016 16:08:54, ChangeTime: 03/10/2016 20:21:19, FileAttributes: A
10:26:57.8376299 java.exe 7764 CloseFile C:\Windows\AppPatch\sysmain.sdb SUCCESS
10:26:57.8377090 java.exe 7764 CreateFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
10:26:57.8377659 java.exe 7764 QueryBasicInformationFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS CreationTime: 30/09/2016 11:28:33, LastAccessTime: 30/09/2016 11:28:33, LastWriteTime: 15/09/2016 16:02:34, ChangeTime: 03/10/2016 20:21:19, FileAttributes: A
10:26:57.8377775 java.exe 7764 CloseFile C:\Windows\AppPatch\apppatch64\sysmain.sdb SUCCESS
10:26:57.8378068 java.exe 7764 QueryBasicInformationFile C:\Windows\System32\icacls.exe SUCCESS CreationTime: 16/07/2016 12:42:23, LastAccessTime: 16/07/2016 12:42:23, LastWriteTime: 16/07/2016 12:42:23, ChangeTime: 23/09/2016 10:01:42, FileAttributes: A
10:26:57.8386380 java.exe 7764 CloseFile C:\Windows\System32\icacls.exe SUCCESS
10:26:57.8389093 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Generic Read/Write, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
10:26:57.8390026 java.exe 7764 CreateFile C:\ProgramData\Oracle\Java\.oracle_jre_usage\5726f39adf56d625.timestamp PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
REPRODUCIBILITY :
This bug can be reproduced always.
- backported by
-
JDK-8183865 JRE 8u112 attempts to run ICACLS.EXE on startup in Windows 10 Version 1607, build 14393
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Closed
-