RFR [11] 8207846: Generalize the jdk.net.includeInExceptions security property

Lindenmaier, Goetz goetz.lindenmaier at sap.com
Fri Jul 20 12:30:15 UTC 2018


Hi,

I scanned all the changes we did to exception messages in our 
internal VM, see below.  We print paths and sockets in a row of places, 
but also other information. It's wide spread, while most is in 
java.base.

We plan to contribute these messages in the near future. Thus
it'll be useful if the property can be reused whenever some 
of this information is rated security relevant.

Best regards,
  Goetz.

java/io/FileOutputStream.java
java/io/RandomAccessFile.java
  path
java.base/unix/native/libjava/UnixFileSystem_md.c
java.base/windows/native/libjava/WinNTFileSystem_md.c
  path

java/util/jar/Manifest.java
java/util/jar/Attributes.java
  path, position in file

java/util/Timer.java
  print the errornous values (delay, period, time)

jdk/internal/org/objectweb/asm/MethodWriter.java
  length of too long bytecode code

libverify/check_code.c
  position of error, errroneous types 

java.base/share/native/libzip/zip_util.c
  path to zipped file
java.base/share/native/libzip/zlib/inflate.c
  zip version information

java.base/unix/native/libnet/Inet6AddressImpl.c
java.base/share/native/libnet/net_util.c
java.base/unix/native/libnet/PlainDatagramSocketImpl.c
java.base/unix/native/libnet/PlainSocketImpl.c
java.base/unix/native/libnet/SocketInputStream.c
java.base/unix/native/libnet/SocketOutputStream.c
java.base/windows/native/libnet/DualStackPlainDatagramSocketImpl.c
java.base/windows/native/libnet/DualStackPlainSocketImpl.c
  Information about sockets

java.base/unix/native/libnio/ch/DatagramChannelImpl.c
java.base/unix/native/libnio/ch/DatagramDispatcher.c
  socket
java.base/unix/native/libnio/ch/FileChannelImpl.c
  size, protection codes of memory, file, 

java.desktop/unix/native/libawt_xawt/awt/awt_GraphicsEnv.c
  more detailed information about DISPLAY

jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java
  inet address

jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java
  path




> -----Original Message-----
> From: core-libs-dev [mailto:core-libs-dev-bounces at openjdk.java.net] On
> Behalf Of Chris Hegarty
> Sent: Freitag, 20. Juli 2018 13:38
> To: core-libs-dev <core-libs-dev at openjdk.java.net>; Security Dev OpenJDK
> <security-dev at openjdk.java.net>
> Subject: RFR [11] 8207846: Generalize the jdk.net.includeInExceptions
> security property
> 
> JDK-8204233 added a new security property, `jdk.net.includeInExceptions`,
> to include additional, potentially security sensitive, information in
> exception detail messages in the networking area. The property accepts a
> comma separated list of values that specifies the particular type of
> extra detail information to add.
> 
> Since its addition, in JDK 11, further uses have arisen to include
> additional, potentially security sensitive, information in exception
> detail messages in other areas, namely the java.util.jar APIs. See
> JDK-8205525, and http://mail.openjdk.java.net/pipermail/core-libs-
> dev/2018-July/054284.html
> 
> Given that this mechanism will likely be used more generally across
> different parts of the platform, it seem prudent to rename the property
> to be less area-specific, thus allowing for additional argument values
> to be specified, like for example `jarPath`.
> 
> The following are the suggested changes to the java.security file:
> 
> $ hg extdiff -p diff -o -C1 src/java.base/share/conf/security/java.security
> *** 1062,1074 ****
> 
>   #
> ! # Enhanced exception message text
>   #
> ! # By default, socket exception messages do not include potentially sensitive
> ! # information such as hostnames or port numbers. This property may be set
> to one
> ! # or more values, separated by commas, and with no white-space. Each
> value
> ! # represents a category of enhanced information. Currently, the only
> category defined
> ! # is "hostInfo" which enables more detailed information in the IOExceptions
> ! # thrown by java.net.Socket and also the socket types in the
> java.nio.channels package.
> ! # The setting in this file can be overridden by a system property of the same
> name
> ! # and with the same syntax and possible values.
> ! #jdk.net.includeInExceptions=hostInfo
> --- 1062,1084 ----
> 
> +
> + #
> + # Enhanced exception message information
> + #
> + # By default, several exception messages do not include potentially
> sensitive
> + # information such as file names, host names, or port numbers. This
> property may
> + # be used to enable categories of enhanced information in exception
> messages.
> + # The property accepts one or more comma separated values, each of
> which
> + # represents a category of enhanced exception message information to
> enable.
> + # Values are case-insensitive. Leading and trailing whitespaces, surrounding
> + # each value, are ignored. Unknown values are ignored.
> + #
> + # The categories, to enable enhanced exception message information, are:
> + #
> + #  hostInfo - IOExceptions thrown by java.net.Socket and also the socket
> types
> + #                  in the java.nio.channels package will contain enhanced exception
> + #                  message information
>   #
> ! # The property setting in this file can be overridden by a system property of
> ! # the same name, with the same syntax and possible values.
>   #
> ! #jdk.includeInExceptions=hostInfo
> 
> 
> Full webrev:
>   http://cr.openjdk.java.net/~chegar/8207846/webrev.00/
> 
> -Chris.
> 
> P.S. It appears that jtreg does not support quoted system property values
> with spaces on the @run line. I’ll file an issue against jtreg for this.



More information about the security-dev mailing list