[rfc][icedtea-web][icedtea-web-1.5.2] allow also skip of permissions attribute check in case of disabled attributes check

Jie Kang jkang at redhat.com
Mon Nov 24 16:06:03 UTC 2014 


----- Original Message -----
> Hi!
> 
> The permission attribute is still incompletely implemented and mixed
> signatures apps are suffering not working with itw. by specifing it.
> 
> The implementation troubles ate in ITW two:
>   - it can happen that application is loaded by various jnlpfiles
>     => one jnlp file is signed, secondnot : however whole application is
>     signed- so check in second jnlp file on sandbox attribute will finish by
>     error.
>     - fix it to have two kinds of attribute checkers - one jnlp file
>     specific, and one global for whole app. Some attibutes are then checked
>     globaly, some only on iven jnlpfile
>   - the applictaion can be loaded by several classloaders each of them with
>   differet permissions. This is real cause of issues with ^ and I do not
>   know cure on it.
> 
> 
> The reproducers are all jogam or joglor .... applets on
> http://icedtea.classpath.org/wiki/IcedTea-Web-Tests .
> 
> As for head - I'm working on oflfine integration of applets, and it is quite
> blocker. As for 1.5 jog* people have already reported this (got lost...) and
> we should make thi swork for them at least by this workarround.
> 
> J.
> 
> ok to head and 1.5?
> 
> diff -r f1586e8af6b9
> netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java
> --- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Wed
> Nov 19 18:33:56 2014 +0100
> +++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Sat
> Nov 22 15:53:38 2014 +0100
> @@ -75,15 +75,14 @@
>       }
> 
>       void checkAll() throws LaunchException {
> -        checkPermissionsAttribute();
>           if (isCheckEnabled()) {
> +            checkPermissionsAttribute();
>               checkTrustedOnlyAttribute();
>               checkCodebaseAttribute();
>               checkPermissionsAttribute();
>               checkApplicationLibraryAllowableCodebaseAttribute();
>           } else {
> -
> OutputController.getLogger().log(OutputController.Level.WARNING_ALL,
> "Manifest attribute checks are disabled."
> -                    + " The Permissions attribute will be enforced but other
> manifest attributes will be ignored.");
> +
> OutputController.getLogger().log(OutputController.Level.WARNING_ALL,
> "Manifest attribute checks are disabled.");
>           }
>       }


Hello,

It would be great if aazores could review this as I believe his changeset is being modified here.

My only concern is that for Very High and High security levels, the permissions attribute is checked. 

This change makes it so the permissions attribute is now no longer always checked for Low security levels, yes? This seems fine as a workaround given [1]. However, with all of these workarounds, I am worried that we will never actually fix the issues :\


[1] http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions
  For the Medium (I think for us this is Low) security level, if the Permissions attribute is not present, then the security prompt contains a yellow warning about the missing attribute, and the permissions level requested by the RIA is used.


Regards,

> 

-- 

Jie Kang

More information about the distro-pkg-dev mailing list