- Bug
- Resolution: Fixed
- P4
- openjdk8u232
- None
- b07
- generic
- generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8239214 | openjdk8u252 | Andrew Hughes | P4 | Resolved | Fixed | b03 |
JDK-8240051 | openjdk7u | Andrew Hughes | P4 | Resolved | Fixed | master |
Bug originally reported by Nathan Strong:
.................................................
The jdk8u232 release contains a regression in the following circumstance:
1. The platform is Windows-based
2. A Security Manager is enabled
3. A security policy has been specified granting access to “<<ALL FILES>>”
4. You attempt to call exists() on a File object created with an illegal filename (e.g. “/bad:path”, illegal because of the ‘:’)
Expected result: exists() returns false, because “can’t exist” implies “doesn’t exist”
Actual result: AccessControlException: access denied
This issue does *not* occur in jdk13.
Here’s the stack trace:
```
Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "\bad:path" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:886)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.File.exists(File.java:814)
    at com.tripwire.Main.printFileExists(Main.java:16)
    at com.tripwire.Main.main(Main.java:12)
```
Reproducer:
```java
import java.io.File;

public class Main {
    public static void main(String[] args) {
        // Illegal filename on Windows because of the ':'
        File invalidPath = new File("/bad:path");
        File validPath = new File("/etc/hosts");
        printFileExists(validPath);
        printFileExists(invalidPath);
    }

    // With a SecurityManager installed, exists() runs checkRead() on the path first
    private static void printFileExists(File file) {
        if (file.exists()) {
            System.out.println(file + " exists");
        } else {
            System.out.println(file + " does not exist");
        }
    }
}
```
And here is the security policy:
```
grant {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
};
```
.................................................
This bug was introduced with the 8u backport of 8213429.
- backported by
  - JDK-8239214 File.exists throws AccessControlException for invalid paths when a SecurityManager is installed (Resolved)
  - JDK-8240051 File.exists throws AccessControlException for invalid paths when a SecurityManager is installed (Resolved)