Proposed JEP: Safer Process Launch by ProcessBuilder and Runtime.exec
Roger Riggs
roger.riggs at oracle.com
Fri Jan 28 15:48:56 UTC 2022
Hi Raffaello,
For .exe executables, one example is an empty string in the list of
arguments to ProcessBuilder.
The empty string is not visible in the generated command line. For
position sensitive commands, it appears the argument is dropped.
An argument in ProcessBuilder with mismatched quotes can cause the
argument to be joined with the next in the generated command line.
A stray "\" at the end of an argument can cause the following character
to be quoted, possibly joining the argument with the next.
For .cmd executables, cmd.exe interprets more characters as argument
separators and will split arguments.
For example, an argument with a semi-colon or comma, (unquoted) will be
split into two arguments when parsed by cmd.exe.
The goal is to improve the integrity and robustness of the command encoding.
Thanks, Roger
On 1/28/22 4:07 AM, Raffaello Giulietti wrote:
> Hello,
>
> if I understand correctly, the issue addressed here (on Windows) is
> how to assemble a single command string from an array of argument
> strings to pass to CreateProcess() in a way that the individual
> argument strings can be fully recovered in the invoked program.
> Similarly when the command string is passed to an instance of cmd.exe.
>
> Are there known (non security critical) examples that do not work
> correctly JDK 18 or earlier?
>
>
> Greetings
> Raffaello
>
>
> On 2022-01-20 19:05, Roger Riggs wrote:
>> A JEP to Improve safety of process launch by ProcessBuilder and
>> Runtime.exec on Windows[1].
>>
>> Argument encoding errors have been problematic on Windows systems due to
>> improperly quoted command arguments.
>>
>> The idea is to tighten up quoting and encoding of command line
>> arguments.
>>
>> Comments appreciated, Roger
>>
>> [1] https://bugs.openjdk.java.net/browse/JDK-8263697
More information about the core-libs-dev
mailing list