Details
-
Bug
-
Resolution: Unresolved
-
P3
-
9, 17.0.1, 18
-
None
Description
One cannot affect the value of the ForkJoinPool COMMON_MAX_SPARES
without granting read permission for the java.util.concurrent.ForkJoinPool.common.maximumSpares
system property to the caller. The lack of a doPrivilege around the
reading of the property would appear to be an oversight.
Minimal testcase:
$ cat SMTest.java
import java.util.concurrent.ForkJoinPool;
public class SMTest {
public static void main(String... args) throws Exception {
System.setSecurityManager(new SecurityManager());
ForkJoinPool.commonPool().submit(() -> System.out.println("Hello there!")).join();
}
}
$ /Users/chegar/binaries/jdk-18.jdk/Contents/Home/bin/java -Djava.security.manager=allow -Djava.security.policy=java.policy -Djava.security.debug=access,failure SMTest
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by SMTest (file:/Users/chegar/tests/secmgr/fjp_jdk_bug/)
WARNING: Please consider reporting this to the maintainers of SMTest
WARNING: System::setSecurityManager will be removed in a future release
access: access allowed ("java.io.FilePermission" "/Users/chegar/tests/secmgr/fjp_jdk_bug" "read")
access: access denied ("java.util.PropertyPermission" "java.util.concurrent.ForkJoinPool.common.maximumSpares" "read")
java.lang.Exception: Stack trace
at java.base/java.lang.Thread.dumpStack(Thread.java:1380)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:475)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)
at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1155)
at java.base/java.lang.System.getProperty(System.java:931)
at java.base/java.util.concurrent.ForkJoinPool.<clinit>(ForkJoinPool.java:3499)
at SMTest.main(SMTest.java:7)
...
without granting read permission for the java.util.concurrent.ForkJoinPool.common.maximumSpares
system property to the caller. The lack of a doPrivilege around the
reading of the property would appear to be an oversight.
Minimal testcase:
$ cat SMTest.java
import java.util.concurrent.ForkJoinPool;
public class SMTest {
public static void main(String... args) throws Exception {
System.setSecurityManager(new SecurityManager());
ForkJoinPool.commonPool().submit(() -> System.out.println("Hello there!")).join();
}
}
$ /Users/chegar/binaries/jdk-18.jdk/Contents/Home/bin/java -Djava.security.manager=allow -Djava.security.policy=java.policy -Djava.security.debug=access,failure SMTest
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by SMTest (file:/Users/chegar/tests/secmgr/fjp_jdk_bug/)
WARNING: Please consider reporting this to the maintainers of SMTest
WARNING: System::setSecurityManager will be removed in a future release
access: access allowed ("java.io.FilePermission" "/Users/chegar/tests/secmgr/fjp_jdk_bug" "read")
access: access denied ("java.util.PropertyPermission" "java.util.concurrent.ForkJoinPool.common.maximumSpares" "read")
java.lang.Exception: Stack trace
at java.base/java.lang.Thread.dumpStack(Thread.java:1380)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:475)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)
at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1155)
at java.base/java.lang.System.getProperty(System.java:931)
at java.base/java.util.concurrent.ForkJoinPool.<clinit>(ForkJoinPool.java:3499)
at SMTest.main(SMTest.java:7)
...