[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cp-patches] Patch: infinite loop in security manager
|
From: |
Gary Benson |
|
Subject: |
[cp-patches] Patch: infinite loop in security manager |
|
Date: |
Wed, 16 Nov 2005 12:54:23 +0000 |
Michael Koch wrote:
> On Wed, Nov 16, 2005 at 11:56:37AM +0000, Gary Benson wrote:
> > I found a bug where the thing that throws SecurityExceptions can
> > itself cause a SecurityException to be thrown causing an infinite
> > loop.
> >
> > When java.security.AccessControlContext.checkPermission decides
> > that a permission is denied it throws the exception with the
> > following line:
> >
> > throw new AccessControlException ("permission "
> > + perm
> > + " not granted: "
> > + domain
> > + " does not imply it.");
> >
> > Where "domain" is a java.security.ProtectionDomain, whose
> > toString() method calls System.getProperty("line.separator"). If
> > your security policy denies read access to that system property
> > then it's going to end up trying to throw the same
> > AccessControlException and failing to access line.separator again,
> > ad infinitum (until you run out of stack).
> >
> > I wasn't sure quite how best to fix this so I haven't made a patch.
>
> The solution is to use gnu.classpath.SystemProperties.getProperty(...).
> This does no security check. It is exactly for such issues.
Sure, here you are.
Cheers,
Gary
patch
Description: Text document
- [cp-patches] Patch: infinite loop in security manager,
Gary Benson <=