[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security manager problem
|
From: |
Gary Benson |
|
Subject: |
Re: Security manager problem |
|
Date: |
Thu, 22 Dec 2005 15:15:37 +0000 |
Hi Mark,
Thanks for your quick reply, and apologies for my egregiously slow
one...
Mark Wielaard wrote:
> On Mon, 2005-12-12 at 17:55 +0000, Gary Benson wrote:
> > Gary Benson wrote:
> > > Robert Lougher wrote:
> > > > Do you have a testcase?
> > >
> > > If you build and run the attached testcase you ought to see
> > > only one checkPermission() between "Calling checkRead()" and
> > > "Done". ... In reality, JamVM chokes on it pretty hard. I
> > > _think_ what is happening is that the System.out.println in
> > > checkPermission() is itself doing some initialisation which
> > > causes security checks, causing an infinite loop.
> >
> > The initialisation in question turns out to be:
> >
> > 1. Loading java.lang.StringBuffer to build the message.
> > 2. Loading java.io.PrintStream to print it out.
> > 3. Converting the message to bytes using String.getBytes(encoding).
> >
> > Any one of them will trigger a security check and hence an infinite
> > loop.
>
> Aha! There is your clue. libgcj hasn't merged in the new nio charset
> provider setup. And indeed creating a new CharsetProvider requires a
> RuntimePermission("charsetProvider"). Even for creating the default
> provider. Which obviously should always be created, otherwise
> nothing works. It is safe in this case since we know the default
> provider doesn't do nasty things (or at least we hope so). So you
> need the attached patch to gnu/java/nio/charset/Provider.java.
Works perfectly, thanks.
> But even then you need some more workaround.
[snip]
>
> All this seems to come from having a user defined security
> manager loaded by a user defined class loader (the default
> System/Application class loader). We need to do ClassLoader.
> loadClass() checks in that case. But as shown in this example
> that leads very easily to recursive checkPermission() calls.
>
> I don't have a good idea how to make this easier. Any ideas?
Not really. It'd be interesting to see how other JVMs handle this,
but I doubt it matters much as extending SecurityManager isn't really
necessary these days.
Cheers (and Merry Christmas!)
Gary
- Security manager problem, Gary Benson, 2005/12/06
- Re: Security manager problem, Anthony Green, 2005/12/06
- Re: Security manager problem, Gary Benson, 2005/12/06
- Re: Security manager problem, Robert Lougher, 2005/12/06
- Re: Security manager problem, Gary Benson, 2005/12/07
- Re: Security manager problem, Gary Benson, 2005/12/12
- Re: Security manager problem, Mark Wielaard, 2005/12/13
- Re: Security manager problem,
Gary Benson <=
Re: Security manager problem, Tom Tromey, 2005/12/06