Bug in ProcessBuilder.

Bradford Wetmore bradford.wetmore at oracle.com
Sat Aug 24 04:48:10 UTC 2013


Martin,

Your fix looks good to me, just need a test case to putback. Should be 
pretty straightforward to create a custom SecurityManager that throws a 
ACE instead of a SE during a checkRead(), and then link together.

Brad


On 8/21/2013 3:51 PM, Martin Buchholz wrote:
> Adding Alexey Utkin, who appears to be the author of the lines I am
> proposing to modify.  Alexey, you are invited to take ownership of this fix.
>
>
> On Wed, Aug 21, 2013 at 3:43 PM, Martin Buchholz <martinrb at google.com
> <mailto:martinrb at google.com>> wrote:
>
>     Hi security team,
>
>     There's some code in ProcessBuilder.java to avoid leaking data in
>     case ProcessBuilder.start fails.
>     It appears to have an obvious bug, with an obvious fix.
>
>     http://cr.openjdk.java.net/~martin/webrevs/openjdk8/ProcessBuilder-checkRead/
>
>     checkRead is spec'ed to throw SecurityException, not
>     AccessControlException. If checkRead does throw SecurityException,
>     then start will throw the wrong exception.
>
>     Untested.
>
>     @@ -1033,9 +1033,9 @@
>                       // Can not disclose the fail reason for read-protected files.
>                       try {
>                           security.checkRead(prog);
>     -                } catch (AccessControlException ace) {
>     +                } catch (SecurityException e) {
>                           exceptionInfo = "";
>     -                    cause = ace;
>     +                    cause = e;
>                       }
>                   }
>                   // It's much easier for us to create a high-quality error
>
>



More information about the security-dev mailing list