6980747: Runtime.exec can fail due to SecurityException (lnx)
authormartin
Sat, 28 Aug 2010 12:15:52 -0700 (2010-08-28)
changeset 6516 8c52bb671f3e
parent 6515 7a5ccc90b436
child 6517 151856936fd8
6980747: Runtime.exec can fail due to SecurityException (lnx) Summary: Add missing doPrivileged to UNIXProcess.java.linux Reviewed-by: alanb
jdk/src/solaris/classes/java/lang/UNIXProcess.java.linux
jdk/test/java/lang/ProcessBuilder/SecurityManagerClinit.java
--- a/jdk/src/solaris/classes/java/lang/UNIXProcess.java.linux	Wed Aug 25 15:35:45 2010 -0700
+++ b/jdk/src/solaris/classes/java/lang/UNIXProcess.java.linux	Sat Aug 28 12:15:52 2010 -0700
@@ -39,6 +39,7 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.ThreadFactory;
 import java.security.AccessController;
+import static java.security.AccessController.doPrivileged;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
@@ -94,14 +95,13 @@
         private final static ThreadGroup group = getRootThreadGroup();
 
         private static ThreadGroup getRootThreadGroup() {
-            return AccessController.doPrivileged
-            (new PrivilegedAction<ThreadGroup> () {
-            public ThreadGroup run() {
-                ThreadGroup root = Thread.currentThread().getThreadGroup();
-                while (root.getParent() != null)
-                    root = root.getParent();
-                return root;
-            }});
+            return doPrivileged(new PrivilegedAction<ThreadGroup> () {
+                public ThreadGroup run() {
+                    ThreadGroup root = Thread.currentThread().getThreadGroup();
+                    while (root.getParent() != null)
+                        root = root.getParent();
+                    return root;
+                }});
         }
 
         public Thread newThread(Runnable grimReaper) {
@@ -117,8 +117,12 @@
     /**
      * The thread pool of "process reaper" daemon threads.
      */
-    private static final Executor processReaperExecutor
-        = Executors.newCachedThreadPool(new ProcessReaperThreadFactory());
+    private static final Executor processReaperExecutor =
+        doPrivileged(new PrivilegedAction<Executor>() {
+            public Executor run() {
+                return Executors.newCachedThreadPool
+                    (new ProcessReaperThreadFactory());
+            }});
 
     UNIXProcess(final byte[] prog,
                 final byte[] argBlock, final int argc,
@@ -136,8 +140,7 @@
                           redirectErrorStream);
 
         try {
-            AccessController.doPrivileged
-            (new PrivilegedExceptionAction<Void>() {
+            doPrivileged(new PrivilegedExceptionAction<Void>() {
                 public Void run() throws IOException {
                     initStreams(fds);
                     return null;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/ProcessBuilder/SecurityManagerClinit.java	Sat Aug 28 12:15:52 2010 -0700
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2010 Google Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6980747
+ * @summary Check that Process-related classes have the proper
+ *     doPrivileged blocks, and can be initialized with an adversarial
+ *     security manager.
+ * @run main/othervm SecurityManagerClinit
+ * @author Martin Buchholz
+ */
+
+import java.io.*;
+import java.security.*;
+
+public class SecurityManagerClinit {
+    private static class Policy extends java.security.Policy {
+        private Permissions perms;
+
+        public Policy(Permission... permissions) {
+            perms = new Permissions();
+            for (Permission permission : permissions)
+                perms.add(permission);
+        }
+
+        public boolean implies(ProtectionDomain pd, Permission p) {
+            return perms.implies(p);
+        }
+    }
+
+    public static void main(String[] args) throws Throwable {
+        String javaExe =
+            System.getProperty("java.home") +
+            File.separator + "bin" + File.separator + "java";
+
+        // A funky contrived security setup, just for bug repro purposes.
+        java.security.Security.setProperty("package.access", "java.util");
+
+        final Policy policy =
+            new Policy
+            (new FilePermission("<<ALL FILES>>", "execute"),
+             new RuntimePermission("setSecurityManager"));
+        Policy.setPolicy(policy);
+
+        System.setSecurityManager(new SecurityManager());
+
+        try {
+            String[] cmd = { javaExe, "-version" };
+            Process p = Runtime.getRuntime().exec(cmd);
+            p.getOutputStream().close();
+            p.getInputStream().close();
+            p.getErrorStream().close();
+            p.waitFor();
+        } finally {
+            System.setSecurityManager(null);
+        }
+    }
+}