Proposed JEP: Safer Process Launch by ProcessBuilder and Runtime.exec
Raffaello Giulietti
raffaello.giulietti at gmail.com
Fri Jan 28 09:07:43 UTC 2022
Hello,
if I understand correctly, the issue addressed here (on Windows) is how
to assemble a single command string from an array of argument strings to
pass to CreateProcess() in a way that the individual argument strings
can be fully recovered in the invoked program.
Similarly when the command string is passed to an instance of cmd.exe.
Are there known (non security critical) examples that do not work
correctly JDK 18 or earlier?
Greetings
Raffaello
On 2022-01-20 19:05, Roger Riggs wrote:
> A JEP to Improve safety of process launch by ProcessBuilder and
> Runtime.exec on Windows[1].
>
> Argument encoding errors have been problematic on Windows systems due to
> improperly quoted command arguments.
>
> The idea is to tighten up quoting and encoding of command line arguments.
>
> Comments appreciated, Roger
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8263697
More information about the core-libs-dev
mailing list