JDK-8361911

System.console() should only be available for interactive terminal


    • behavioral
    • low
    • Applications that expect `System.console()` to return non-null when standard input/output is redirected may be affected. While the current JDK (as of version 25) adopts the new behavior by default, making the risk low, the issue can resurface when the JLine provider is requested via the system property `-Djdk.console=jdk.internal.le` and when I/O has been redirected.
    • Java API
    • JDK

      Summary

      System.console() should return a non-null Console instance only when both standard input and output are connected to a terminal.

      Problem

      The current java.io.Console class description reads:

      If this virtual machine has a console then it is represented by a unique instance
      of this class which can be obtained by invoking the System.console() method.
      If no console device is available then an invocation of that method will return null.

      Thus, it is up to the implementation to determine under what conditions a Console instance is returned. In recent JDK releases, a JLine-based Console implementation ("JLine provider") is available, which provides a Console instance even when standard input and/or output is redirected. In contrast, the built-in Console implementation in the java.base module ("base provider") never returns a Console instance when I/O is redirected. (That is, System.console() returns null.) The user can choose the console provider by specifying the -Djdk.console=jdk.internal.le or -Djdk.console=java.base option on the command line.

      Here is a chart that describes the timeline of the implementation changes.

      | JDK version | Description | Issue ID |
      |---|---|---|
      | JDK 19 and earlier | base provider only | N/A |
      | JDK 20 | base provider default, JLine provider opt-in | JDK-8299689 |
      | JDK 22 | JLine provider default, base provider opt-in | JDK-8308591 |
      | JDK 25 | base provider default, JLine provider opt-in | JDK-8351435 |

      The JLine provider was the default in JDK 22 through JDK 24, and so in those releases, System.console() would return a non-null Console instance when I/O was redirected. If the user has requested the JLine provider, this behavior can occur in any release from JDK 20 onwards.

      The ability to obtain a non-null Console instance when I/O has been redirected is problematic, mainly because of the readPassword() method. This method can issue a prompt and then read a password with echoing disabled. If I/O has been redirected, the prompt might not be visible to the user, or the password might be read without echoing disabled. Either behavior seems inadvisable from a security perspective.

      Solution

      Enforce the rule that System.console() returns a non-null Console instance only when both standard input and standard output are connected to a terminal (that is, in the absence of redirection). If I/O has been redirected, System.console() always returns null. This behavior should be consistent regardless of whether the base provider or the JLine provider is in use.
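      An added example, not part of the original issue or of JDK code: an application-side guard that refuses to prompt for a secret unless an interactive terminal is attached. The class name `SecretPrompt` and the method `readSecret` are hypothetical; `Console.isTerminal()` requires JDK 22 or later and is used here so the guard still holds on releases where the JLine provider can hand out a Console while I/O is redirected.

```java
import java.io.Console;
import java.util.Arrays;

// Added example (hypothetical class, not JDK code): fail closed when
// standard input/output is not an interactive terminal.
public final class SecretPrompt {

    /**
     * Reads a password only from an interactive terminal.
     * The null check covers providers that return no Console under
     * redirection; isTerminal() (JDK 22+) covers a non-null Console
     * obtained while stdin and/or stdout are redirected.
     */
    static char[] readSecret(String prompt) {
        Console console = System.console();
        if (console == null || !console.isTerminal()) {
            // Never fall back to reading stdin here: the prompt may be
            // invisible and echo may not be disabled.
            throw new IllegalStateException(
                "stdin/stdout is not a terminal; refusing to prompt for a secret");
        }
        char[] secret = console.readPassword("%s", prompt);
        if (secret == null) { // end of stream reached before any input
            throw new IllegalStateException("no input received");
        }
        return secret;
    }

    public static void main(String[] args) {
        char[] secret = null;
        int status = 0;
        try {
            secret = readSecret("Password: ");
            System.out.println("Read " + secret.length + " characters");
        } catch (IllegalStateException e) {
            System.err.println("error: " + e.getMessage());
            status = 2;
        } finally {
            if (secret != null) {
                Arrays.fill(secret, '\0'); // wipe the secret from memory
            }
        }
        System.exit(status);
    }
}
```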

      Specification

      N/A. This is a behavioral change only.

            naoto Naoto Sato
            Alan Bateman, Jan Lahoda, Stuart Marks