JDK 9 Build 111 seems to miss some locale data, Lucene tests fail with Farsi and Thai language

Uwe Schindler uschindler at apache.org
Sat Mar 26 23:16:18 UTC 2016 

Hi Alan,

 

I added the following to the jdk-9/conf/security/java.policy as first line under localedata:

 

grant codeBase "jrt:/jdk.localedata" {

        permission java.lang.RuntimePermission "getClassLoader";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";

        permission java.util.PropertyPermission "*", "read";

};

 

Now all analysis tests pass, also the small test program posted previously:

 

$ java -Djava.security.manager Test

class sun.util.locale.provider.DictionaryBasedBreakIterator

 

FYI: Lucene runs all tests with a security manager to enforce some restrictions (so tests can't escape their working dir, no useless permissions are required that may conflict,...). Lucene is designed to work with lowest permissions (except the memory mapping unmapper).

 

I will patch the Jenkins Server's JDK-9 b111 dirs the same way, so we can run tests.

 

I have the following question: Why don’t we see an exception when loading the locale data? Shouln’t Java fail in some way and print a stack trace? It is just silent!

 

Uwe

 

-----

Uwe Schindler

uschindler at apache.org 

ASF Member, Apache Lucene PMC / Committer

Bremen, Germany

http://lucene.apache.org/

 

 

> -----Original Message-----

> From: Alan Bateman [mailto:Alan.Bateman at oracle.com]

> Sent: Saturday, March 26, 2016 11:05 PM

> To: Uwe Schindler <uschindler at apache.org>

> Cc: 'Rory O'Donnell' <rory.odonnell at oracle.com>; 'Core-Libs-Dev' <core-libs-

> dev at openjdk.java.net>; 'Robert Muir' <rcmuir at gmail.com>;

> dev at lucene.apache.org

> Subject: Re: JDK 9 Build 111 seems to miss some locale data, Lucene tests fail

> with Farsi and Thai language

> 

> 

> On 26/03/2016 19:11, Uwe Schindler wrote:

> > Hi Alan, hi Robert, Hi Lucene developers,

> >

> > I was able to reproduce the bug in isolation. The reason why Robert and

> you did not see it was quite simple:

> > - You need to enable a security manager

> > - You need to list all locales before

> >

> >

> Thanks, that's enough to understand the issue. There is code in

> ResourceBundleProviderSupport trying to do a privileged operation with

> less privileged on the stack.

> 

> As a temporary workaround, could you update the policy file

> (conf/security/java.policy) to grant an addition permission to

> jrt:/jdk.localedata

>    permission java.lang.RuntimePermission "getClassLoader";

> 

> I'll create a bug for the issue now.

> 

> -Alan.

More information about the core-libs-dev mailing list