8208691: Tighten up jdk.includeInExceptions security property
Summary: Add stronger warning on usage and add test to check that property is not set
Reviewed-by: alanb, rriggs
--- a/src/java.base/share/conf/security/java.security Mon Aug 06 22:30:37 2018 -0400
+++ b/src/java.base/share/conf/security/java.security Tue Aug 07 10:29:01 2018 -0400
@@ -1070,6 +1070,11 @@
# case-insensitive. Leading and trailing whitespaces, surrounding each value,
# are ignored. Unknown values are ignored.
#
+# NOTE: Use caution before setting this property. Setting this property
+# exposes sensitive information in Exceptions, which could, for example,
+# propagate to untrusted code or be emitted in stack traces that are
+# inadvertently disclosed and made accessible over a public network.
+#
# The categories are:
#
# hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the
--- a/test/jdk/java/net/Socket/ExceptionText.java Mon Aug 06 22:30:37 2018 -0400
+++ b/test/jdk/java/net/Socket/ExceptionText.java Tue Aug 07 10:29:01 2018 -0400
@@ -25,10 +25,12 @@
* @test
* @library /test/lib
* @build jdk.test.lib.Utils
- * @bug 8204233 8207846
+ * @bug 8204233 8207846 8208691
* @summary Add configurable option for enhanced socket IOException messages
* @run main/othervm
* ExceptionText
+ * @run main/othervm
+ * ExceptionText
* WITHOUT_Enhanced_Text
* @run main/othervm
* -Djdk.includeInExceptions=
@@ -62,6 +64,7 @@
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.SocketChannel;
+import java.security.Security;
import java.util.concurrent.ExecutionException;
import jdk.test.lib.Utils;
@@ -70,20 +73,33 @@
enum TestTarget {SOCKET, CHANNEL, ASYNC_CHANNEL};
public static void main(String args[]) throws Exception {
- String passOrFail = args[0];
- boolean expectEnhancedText;
- if (passOrFail.equals("expectEnhancedText")) {
- expectEnhancedText = true;
+ if (args.length == 0) {
+ testSecProp();
} else {
- expectEnhancedText = false;
+ String passOrFail = args[0];
+ boolean expectEnhancedText;
+ if (passOrFail.equals("expectEnhancedText")) {
+ expectEnhancedText = true;
+ } else {
+ expectEnhancedText = false;
+ }
+ test(expectEnhancedText);
}
- test(expectEnhancedText);
}
static final InetSocketAddress dest = Utils.refusingEndpoint();
static final String PORT = ":" + Integer.toString(dest.getPort());
static final String HOST = dest.getHostString();
+ static void testSecProp() {
+ String incInExc = Security.getProperty("jdk.includeInExceptions");
+ if (incInExc != null) {
+ throw new RuntimeException("Test failed: default value of " +
+ "jdk.includeInExceptions security property is not null: " +
+ incInExc);
+ }
+ }
+
static void test(boolean withProperty) {
// Socket
IOException e = getException(TestTarget.SOCKET);
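Review bot: `testSecProp()` has no comment saying what it guards, and the no-argument dispatch in `main` that selects it is implicit, so a later edit to the `@run` lines could drop the check without anyone noticing. I would add above the method `// The shipped java.security must leave jdk.includeInExceptions unset, so exception messages carry no sensitive details by default.` and, on the `args.length == 0` branch, `// no argument: verify the default security property only`. The check reads only `Security.getProperty`, while the other `@run` lines pass the same name as a system property (`-Djdk.includeInExceptions=`); that this run deliberately ignores the system property looks intended, but the comment should say so. As a style point, the four-line if/else in the new else branch can be `boolean expectEnhancedText = passOrFail.equals("expectEnhancedText");`. The body of `test` continues outside the hunk.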