8208691: Tighten up jdk.includeInExceptions security property
authormullan
Tue, 07 Aug 2018 10:29:01 -0400
changeset 51356 88d9be7f52c5
parent 51355 9fb336cee537
child 51357 f689461b1684
8208691: Tighten up jdk.includeInExceptions security property Summary: Add stronger warning on usage and add test to check that property is not set Reviewed-by: alanb, rriggs
src/java.base/share/conf/security/java.security
test/jdk/java/net/Socket/ExceptionText.java
--- a/src/java.base/share/conf/security/java.security	Mon Aug 06 22:30:37 2018 -0400
+++ b/src/java.base/share/conf/security/java.security	Tue Aug 07 10:29:01 2018 -0400
@@ -1070,6 +1070,11 @@
 # case-insensitive. Leading and trailing whitespaces, surrounding each value,
 # are ignored. Unknown values are ignored.
 #
+# NOTE: Use caution before setting this property. Setting this property
+# exposes sensitive information in Exceptions, which could, for example,
+# propagate to untrusted code or be emitted in stack traces that are
+# inadvertently disclosed and made accessible over a public network.
+#
 # The categories are:
 #
 #  hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the
--- a/test/jdk/java/net/Socket/ExceptionText.java	Mon Aug 06 22:30:37 2018 -0400
+++ b/test/jdk/java/net/Socket/ExceptionText.java	Tue Aug 07 10:29:01 2018 -0400
@@ -25,10 +25,12 @@
  * @test
  * @library /test/lib
  * @build jdk.test.lib.Utils
- * @bug 8204233 8207846
+ * @bug 8204233 8207846 8208691
  * @summary Add configurable option for enhanced socket IOException messages
  * @run main/othervm
  *       ExceptionText
+ * @run main/othervm
+ *       ExceptionText
  *       WITHOUT_Enhanced_Text
  * @run main/othervm
  *       -Djdk.includeInExceptions=
@@ -62,6 +64,7 @@
 import java.nio.channels.AsynchronousSocketChannel;
 import java.nio.channels.ClosedChannelException;
 import java.nio.channels.SocketChannel;
+import java.security.Security;
 import java.util.concurrent.ExecutionException;
 import jdk.test.lib.Utils;
 
@@ -70,20 +73,33 @@
     enum TestTarget {SOCKET, CHANNEL, ASYNC_CHANNEL};
 
     public static void main(String args[]) throws Exception {
-        String passOrFail = args[0];
-        boolean expectEnhancedText;
-        if (passOrFail.equals("expectEnhancedText")) {
-            expectEnhancedText = true;
+        if (args.length == 0) {
+            testSecProp();
         } else {
-            expectEnhancedText = false;
+            String passOrFail = args[0];
+            boolean expectEnhancedText;
+            if (passOrFail.equals("expectEnhancedText")) {
+                expectEnhancedText = true;
+            } else {
+                expectEnhancedText = false;
+            }
+            test(expectEnhancedText);
         }
-        test(expectEnhancedText);
     }
 
     static final InetSocketAddress dest  = Utils.refusingEndpoint();
     static final String PORT = ":" + Integer.toString(dest.getPort());
     static final String HOST = dest.getHostString();
 
+    static void testSecProp() {
+        String incInExc = Security.getProperty("jdk.includeInExceptions");
+        if (incInExc != null) {
+            throw new RuntimeException("Test failed: default value of " +
+                "jdk.includeInExceptions security property is not null: " +
+                incInExc);
+        }
+    }
+
     static void test(boolean withProperty) {
         // Socket
         IOException e = getException(TestTarget.SOCKET);