RFC: Netx - Support VM arguments specified in the JNLP file

Omair Majid omajid at redhat.com
Fri Jun 5 12:20:21 PDT 2009 

Deepak Bhole wrote:
> 
> Yep, looks good. Please go ahead and apply. One minor thing you may want
> to consider btw... put a securitymanager AllPermissions() check inside
> setInitialArguments(). Only trusted code would have all perms. The
> reason for this is that initialArgs are used to launch another process,
> and one could in theory perhaps mangle them. Again though, this is
> totally optional because I honestly cannot come up with any way to
> exploit it, given how the code is laid out. So I leave it upto you.
> 

Updated version attached. A couple of changes. I added the security 
manager check. I also added a check for the arguments being passed to 
the java process (based on the list at [1]). I also noticed that the 
file name was being passed to Netx twice (didnt cause any issues, just 
seemed strange) and fixed that.

Thanks again for taking the time to review the patch!

ChangeLog:
2009-06-04  Omair Majid  <omajid at redhat.com>

     * rt/net/sourceforge/jnlp/JNLPFile.java
     (needsNewJVM): New function. Returns true if the JNLP file requires
     creating a new JVM.
     (getNewVMArgs): New function. Returns arguments to pass to the new
     JVM.
     * rt/net/sourceforge/jnlp/JREDesc.java
     (getVMArgs): Fix javadoc to reflect that return value can be null.
     * rt/net/sourceforge/jnlp/Launcher.java
     (launchExternal): Modify to take in arguments to pass to the JVM and
     arguments to pass to Netx. Try to use the local file to launch this
     instance if possible.
     (launchExternal): Delegate to new launchExternal.
     (launchExternal): New method. Take in arguments to pass to the JVM
     and arguments to pass to Netx. Launch Netx with the with the
     appropriate arguments.
     (launchApplication): If needed, launch a new JVM and pass along the
     Netx arguments.
     * rt/net/sourceforge/jnlp/Parser.java:
     (getJRE): Call checkVMArgs to check 'java-vm-args' for security. If
     that fails, assume 'java-vm-args' is null.
     (checkVMArgs): New method. Check that the vmArgs variable contains
     safe arguments only.
     * rt/net/sourceforge/jnlp/resources/Messages.properties:
     Add BXnofork.
     * rt/net/sourceforge/jnlp/runtime/Boot/java:
     Add -Xnofork to helpMessage
     (main): Check for '-Xnofork'. Set initial arguments.
     * rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java:
     Add forksAllowed to store whether creating a new JVM is allowed. Add
     initialArguments to store the arguments to Netx.
     (getForksAllowed): New function. Check if creating a new JVM is
     allowed.
     (setForksAllowed): New function. Set whether creating a JVM is
     allowed.
     (setInitialArguments): New function. Store the arguments passed to
     Netx.
     (getInitialArguments): New function. Return the arguments passed to
     Netx.


Cheers,
Omair

[1] 
http://java.sun.com/javase/6/docs/technotes/guides/javaws/developersguide/syntax.html#resources
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netx-jvm-args.patch
Type: text/x-patch
Size: 16903 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20090605/ec161351/netx-jvm-args.patch

More information about the distro-pkg-dev mailing list