Re: [icedtea-web] Bug: Unable to remove permissions on %USERPROFILE%.icedteasecuritytrusted.cacerts.tempon Windows

Jacob Wisor gitne at excite.co.jp
Tue Apr 9 05:00:58 PDT 2013


"Jiri Vanek"<jvanek at redhat.com> wrote:
> On 04/09/2013 02:01 AM, Jacob Wisor wrote:
> > Hello there!
> > 
> > I have come across a bug on Windows since the last patches on checks for absolutness of paths. Infact, I am not sure whether they are connected to this bug, hence I also do not want to make any asumption about the cause of it. Netx worked on Windows some recent patches before, and now it does not anymore. The application just exits with the attached stack trace and exceptions when no config exists in %USERPROFILE%.icedtea (that is running for the first time). The launching user has full permissions on all files and subfolders in his user profile folder. This bug persists when run as an administrator. It is definitly not a problem with incorrectly set permissions on trusted.cacerts.temp nor any inherited permissions.
> > I do not know whether this is reproducable on Linux systems.
> > 
> > @Jiri:
> > Could you have a look into this (I would like to be able to test the pl localization with a running application as well)? Or, should I rather report it via Bugzilla and hope for the best?
> > 
> > Regards,
> > Jacob
> > 
> 
> Hi again!
> Hmhmh, I can (partially - similar but not same chain of exceptions) reproduce when I remove .icedtea
> directory and  set my home to read only, But I doubt  that it is connected to recent patches.
> 
> By studying the exception:
>  - First -independent - exception is: Exception in thread "AWT-EventQueue-0"
> net.sourceforge.jnlp.util.lockingfile.StorageIoException: java.io.IOException: Proces nie moze
> uzyskac dostepu do pliku, poniewaz inny proces zablokowal jego czesc
> (translated as "The process can not access the file because another process has locked a portion")
>    * This happened immediately after start of itw-settings, and is moreover correct. No file to
> read, nor possibility to create (no .icedtea dir) .. however start continues (this is the only
> "added by new patch").
> Then two more exceptions from old code arise:
> java.lang.NullPointerException at
> net.sourceforge.jnlp.security.viewer.CertificatePane.readKeyStore(CertificatePane.java:263)
> and
> java.io.IOException: Removing execute permissions on file
> C:UsersJakob.icedteasecuritytrusted.cacerts.temp failed
>         at net.sourceforge.jnlp.util.FileUtils.createRestrictedFile(FileUtils.java:181)
>  * all three are unrelated in meaning each to each, but have same root - tehy can not create their
> config files.
> 
> 
> So the underlying issue is definitely hidden in disability to  create .icedtea directory.  As fixing
> this can be pretty complicated, and may lead to bug in jdk itself do you think youcan live with
> workarround to create %USERPROFILE%.icedtea manually?
> 
> ANyway I will check once more when I got more free time.
> 
> Thanx for checking,
>    J.

Thank you for your timely response.
The thing is, that the .icedtea folder gets created. Infact, all files get created, but it fails when trying to tamper with access rights on trusted.cacerts.temp. The following files and folders get created:

%USERPROFILE%\.icedtea
%USERPROFILE%\.icedtea\security
%USERPROFILE%\.icedtea\.appletTrustSettings
%USERPROFILE%\.icedtea\security\trusted.cacerts.temp

On subsequent launches the app fails with an "Cannot create file %USERPROFILE%\.icedtea\security\trusted.cacerts.temp" error, though the file exists. I guess trusted.cacerts.temp should have been a temp file and be deleted when the JVM terminates. There is a temp file facility in J2SE that might help to deal with that (I have not looked into the code yet). So it seams that's probably the crux of the matter. But, indeed it could also be a bug in the J2SE runtime.

Unfortunatelly, I cannot work around it. The console portion of the app works fine, so I can review that. But, as you can see the major UI portion is out of reach for now. The localization is almost done and it is a little bit frustrating to not be able to review it with a running application. Lets hope this issue can be resolved before the next release date. ;)

Thank you for your efforts!
Jacob



More information about the distro-pkg-dev mailing list