RFR: (XS) 8162916:Test sun/security/krb5/auto/UnboundSSL.java fails
Seán Coffey
sean.coffey at oracle.com
Wed Aug 17 17:12:56 UTC 2016
Hi Artem,
Sorry - should have said that this is for jdk8u-dev. The bug is marked
9-na. The provider loading changes made in this area for 9 mean that
it's not affected.
Regards,
Sean.
On 17/08/16 18:10, Artem Smotrakov wrote:
> Hi Sean,
>
> If I remember correctly, there is no ext directory in JDK 9 any more.
>
> I don't see in jtr file that "java.ext.dirs" system property is passed
> to the test. If I understand correctly, "file:${{java.ext.dirs}}/*"
> becomes "file:/*" which seems to grand all permissions to all the
> code. It doesn't look correct for this test.
>
> It looks like the test overrides the default policy, please see in jtr
> file
>
> -Djava.security.policy==/export/home/gtee/scripts/Results/workDir/scratch_2/unbound.ssl.policy_new
> \\
>
> If I recall correctly, there should be a way to specify a policy file
> in @run without overriding the default one. May be it is "@run
> main/othervm/java.security.policy=unbound.ssl.policy_new"
>
> Artem
>
>
> On 08/17/2016 09:53 AM, Seán Coffey wrote:
>> A recently added test case lacks sufficient permissions to read a
>> conf file when running with security manager.
>>
>> bug report : https://bugs.openjdk.java.net/browse/JDK-8162916
>>
>> proposed patch :
>> diff --git a/test/sun/security/krb5/auto/unbound.ssl.policy
>> b/test/sun/security/krb5/auto/unbound.ssl.policy
>> --- a/test/sun/security/krb5/auto/unbound.ssl.policy
>> +++ b/test/sun/security/krb5/auto/unbound.ssl.policy
>> @@ -1,7 +1,13 @@
>> +// Standard extensions get all permissions by default
>> +
>> +grant codeBase "file:${{java.ext.dirs}}/*" {
>> + permission java.security.AllPermission;
>> +};
>> +
>> grant {
>> permission java.util.PropertyPermission "*", "read,write";
>> permission java.net.SocketPermission "*:*",
>> "listen,resolve,accept,connect";
>> - permission java.io.FilePermission "*", "read,write,delete";
>> + permission java.io.FilePermission "<<ALL FILES>>",
>> "read,write,delete";
>> permission java.lang.RuntimePermission "accessDeclaredMembers";
>> permission java.lang.reflect.ReflectPermission
>> "suppressAccessChecks";
>> permission java.lang.RuntimePermission "accessClassInPackage.*";
>>
>
More information about the security-dev
mailing list