RFR: 8319332: Security properties files inclusion [v7]
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Fri Apr 19 13:01:03 UTC 2024
On Wed, 17 Apr 2024 14:30:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 11 commits:
>>
>> - Merge 'openjdk/master' into JDK-8319332
>> - Merge 'openjdk/master' into JDK-8319332
>>
>> Conflict in ConfigFileTest.java solved by keeping our file, which had
>> been previously adjusted.
>>
>> Commands:
>> git merge upstream/master
>> git restore --ours -- test/jdk/java/security/Security/ConfigFileTest.java
>> git add test/jdk/java/security/Security/ConfigFileTest.java
>> git merge --continue
>> - 8319332: Adjust code for JDK-8319673 changes
>>
>> JDK-8319673: Few security tests ignore VM flags
>>
>> Next, we will merge the openjdk/master branch and ignore the conflict in
>> this file.
>>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>> Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>> - 8319332: Update copyright and ConfigFileTest.java.
>>
>> Bump copyright year to 2024 in all the modified files.
>>
>> Remove leaked host name from children JVMs debug command.
>>
>> Extract Executor::addSystemPropertiesAsJvmArgs from Executor::execute
>> and rename 'allJvmArgs' to 'command'. Also split class name and
>> RUNNER_ARG addition to 'command' as two separated command.add() calls.
>>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>> Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>> - Merge 'openjdk/master' into JDK-8319332
>> - 8319332: Fix corner-case regression with bash pipe
>>
>> Extra properties files provided through bash pipes used to work before
>> this enhancement, restore their behaviour.
>>
>> Also take advantage to use Files::isRegularFile, Files::isDirectory and
>> Files::exists APIs instead of converting from Path to File.
>>
>> Linux reproducers (sub-shell, stdin, and combination of both):
>>
>> java -XshowSettings:security:properties \
>> -Djava.security.properties==<(echo name=value) \
>> -Djava.security.debug=properties -version
>>
>> echo name=value | java -XshowSettings:security:properties \
>> -Djava.security.properties==/dev/stdin \
>> -Djava.security.debug=properties -version
>>
>> echo name=value | java -XshowSettings:security:properties \
>> -Djava.security.properties==<(echo include /dev/stdin) \
>> -Djava.security.debug=properties...
>
> src/java.base/share/classes/java/security/Security.java line 256:
>
>> 254: } else if (Files.isDirectory(path)) {
>> 255: throw new IOException("Is a directory");
>> 256: } else {
>
> When would this happen?
Hi @wangweij, to complement @martinuy's answer, the following commands can trigger this error message in the different described contexts:
java -Djava.security.properties=file:///etc -XshowSettings:security:properties -Djava.security.debug=properties 2>&1 | head -22
java -Djava.security.properties==/etc -XshowSettings:security:properties -Djava.security.debug=properties 2>&1 | head -22
java -Djava.security.properties==<(echo include /etc) -XshowSettings:security:properties
This is also exercised by the test case:
https://github.com/openjdk/jdk/blob/d414fd56e583f321aaa944b61e27631b225b9fa3/test/jdk/java/security/Security/ConfigFileTest.java#L241-L245
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16483#discussion_r1572330885
More information about the security-dev
mailing list