StackOverflowError - Java 9 Build 181
mandy chung
mandy.chung at oracle.com
Wed Sep 20 19:56:50 UTC 2017
FYI. jdk.javaws is granted with AllPermissions in
conf/security/javaws.policy. Maybe javaws.policy is not augmented to
the security policy at runtime?
Mandy
On 9/20/17 12:45 PM, Sean Mullan wrote:
> Tom,
>
> Try adding the following lines to the lib/security/default.policy file
> in your JDK installation:
>
> grant codeBase "jrt:/jdk.javaws" {
> permission java.security.AllPermission;
> };
>
> I have a hunch that permissions are not being granted to the
> jdk.javaws module before it needs them. If that fixes the issue (or
> you don't see it for a few days), I'll followup and file a bug.
>
> Thanks,
> Sean
>
> On 9/19/17 5:55 PM, Tom Hood wrote:
>> No luck so far reproducing this problem. The two times it happened to
>> me yesterday have both been with Java 9 build 181 and the application
>> has been idle for awhile. I login to our application, execute various
>> features of the application, go to a meeting, return, and then see
>> the java console repeatedly displaying the stack overflow exception.
>> Maybe meetings are bad for Java 9? :-) I think there are some
>> background threads in our application that are waking up periodically
>> and doing "stuff". I don't know what that "stuff" is yet, but that
>> would be my guess at where I will find the code that triggered the
>> overflow.
>>
>> Assuming I can get our application to the point where I can reproduce
>> the stack overflow, are there particular Java 9 builds that made
>> significant changes to security-relevant code that you'd like me to try?
>>
>> Keep in mind that our app runs on a network not connected to the
>> internet. As it is, I manually typed in the stack trace, so if
>> there's a lot of output I'll have to print it and go through an
>> approval process to show it to you via a scanned pdf. I will
>> continue testing of our app with the security debug turned on so that
>> I'll have the output if it happens again. I also have the logging
>> and tracing enabled in the java control panel.
>>
>> -- Tom
>>
>>
>> On Tue, Sep 19, 2017 at 12:13 PM, Sean Mullan <sean.mullan at oracle.com
>> <mailto:sean.mullan at oracle.com>> wrote:
>>
>> Cross-posting to security-dev as this is more relevant to that list
>> and bcc-ing core-libs-dev.
>>
>> I think this might be an issue with the JavaWebStart SecurityManager
>> not being granted the proper permissions. It is possible that the
>> deployment policy files are not being loaded or there is some other
>> subtle bootstrapping issue. It should not result in a recursive loop
>> of course, but there may be a workaround.
>>
>> In the meantime, can you send me more information, preferably a test
>> case and a log file with -Djava.security.debug=all enabled? (The
>> latter will help analyze the recursion and see what security checks
>> are failing and for which ProtectionDomains). Also, have you tested
>> this on builds earlier than b181?
>>
>> Thanks,
>> Sean
>>
>> On 9/19/17 2:53 PM, Tom Hood wrote:
>>
>> I should add that we have not modified or overridden any policy
>> files.
>> Also, we are not using a custom security manager.
>>
>> On Tue, Sep 19, 2017 at 11:52 AM, Tom Hood <tom.w.hood at gmail.com
>> <mailto:tom.w.hood at gmail.com>> wrote:
>>
>> Hi,
>>
>> I hit an infinite recursion loop probably related to
>> PolicyFile that
>> exists in Java 9 build 181 for windows 64-bit. It might be
>> related to
>> JDK-8077418
>> <https://bugs.openjdk.java.net/browse/JDK-8077418
>> <https://bugs.openjdk.java.net/browse/JDK-8077418>>
>>
>>
>> I haven't tracked down what is causing our webstart app to
>> hit this
>> problem yet, but I thought I would let you know sooner than
>> later. Also,
>> it probably is not a problem for our particular application
>> as I should be
>> able to set the security manager to null which I think/hope
>> will bypass
>> this issue. I will try today to reproduce it in our app so
>> I can confirm
>> if setting security manager to null will work for us.
>>
>> The stack looks like the following: (with many repeat stacks
>> omitted)
>>
>> Exception in thread "AWT-EventQueue-2"
>> java.lang.StackOverflowError
>> at
>> java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1135)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1082)
>> at
>> java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>> e.java:1038)
>> at
>> java.base/java.security.provider.ProtectionDomain.implies(Pr
>> otectionDomain.java:323)
>> at
>> java.base/java.security.provider.ProtectionDomain.impliesWit
>> hAltFilePerm(ProtectionDomain.java:355)
>> at
>> java.base/java.security.provider.AccessControlContext.checkP
>> ermission(AccessControlContext.java:450)
>> at
>> java.base/java.security.provider.AccessController.checkPermi
>> ssion(AccessController.java:895)
>> at
>> java.base/java.lang.SecurityManager.checkPermission(Security
>> Manager.java:558)
>> at
>> jdk.javaws/com.sun.javaws.security.JavaWebStartSecurity.chec
>> kPermission(JavaWebStartSecurity.java:237)
>> at
>> java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:897)
>> at java.base/java.io.File.isDirectory(File.java:845)
>> at
>> java.base/sun.net.www.ParseUtil.fileToEncodedURL(ParseUtil.java:299)
>> at
>> java.base/sun.security.provider.PolicyFile.canonicalizeCodeb
>> ase(PolicyFile.java:1665)
>> at
>> java.base/sun.security.provider.PolicyFile.access$700(Policy
>> File.java:263)
>> at
>> java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1139)
>> at
>> java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1136)
>> **** and again ****
>> at
>> java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1135)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1082)
>> at
>> java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>> e.java:1038)
>> at
>> java.base/java.security.provider.ProtectionDomain.implies(Pr
>> otectionDomain.java:323)
>> at
>> java.base/java.security.provider.ProtectionDomain.impliesWit
>> hAltFilePerm(ProtectionDomain.java:355)
>> at
>> java.base/java.security.provider.AccessControlContext.checkP
>> ermission(AccessControlContext.java:450)
>> at
>> java.base/java.security.provider.AccessController.checkPermi
>> ssion(AccessController.java:895)
>> at
>> java.base/java.lang.SecurityManager.checkPermission(Security
>> Manager.java:558)
>> at
>> jdk.javaws/com.sun.javaws.security.JavaWebStartSecurity.chec
>> kPermission(JavaWebStartSecurity.java:237)
>> at
>> java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:897)
>> at java.base/java.io.File.isDirectory(File.java:845)
>> at
>> java.base/sun.net.www.ParseUtil.fileToEncodedURL(ParseUtil.java:299)
>> at
>> java.base/sun.security.provider.PolicyFile.canonicalizeCodeb
>> ase(PolicyFile.java:1665)
>> at
>> java.base/sun.security.provider.PolicyFile.access$700(Policy
>> File.java:263)
>> at
>> java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1139)
>> at
>> java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1136)
>> **** above lines start the stack that repeats until overflow
>> ****
>> at
>> java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1135)
>> at
>> java.base/sun.security.provider.PolicyFile.getPermissions(Po
>> licyFile.java:1082)
>> at
>> java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>> e.java:1038)
>>
>> -- Tom
>>
>>
>>
More information about the security-dev
mailing list