RFR: 8319332: Security properties files inclusion [v7]

Francisco Ferrari Bihurriet fferrari at openjdk.org
Fri Apr 19 13:33:58 UTC 2024


On Fri, 19 Apr 2024 13:02:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hi @wangweij, to complement @martinuy's answer, the following commands can trigger this error message in the different described contexts:
>> 
>> ```
>> java -Djava.security.properties=file:///etc -XshowSettings:security:properties -Djava.security.debug=properties 2>&1 | head -22
>> java -Djava.security.properties==/etc -XshowSettings:security:properties -Djava.security.debug=properties 2>&1 | head -22
>> java -Djava.security.properties==<(echo include /etc) -XshowSettings:security:properties
>> ```
>> 
>> This is also exercised by the test case:
>> https://github.com/openjdk/jdk/blob/d414fd56e583f321aaa944b61e27631b225b9fa3/test/jdk/java/security/Security/ConfigFileTest.java#L241-L245
>
> Oh, I meant the final `else`. What does it mean if a file is neither "regular" nor "directory"? Also I don't quite understand why one uses `toRealPath` and one uses `toAbsolutePath`. Is this related to resolving a symlink?

Oh, I see now, _Linux_ pipes are examples of non-regular + non-directory at the same time, where `Path::toAbsolutePath()` works but `Path::toRealPath()` fails:

```
[fferrari at vmhost ~]$ jshell -<<<'System.out.println(Path.of("/dev/stdin").toAbsolutePath())'
/dev/stdin
[fferrari at vmhost ~]$ jshell -<<<'System.out.println(Path.of("/dev/stdin").toRealPath())'
Exception java.nio.file.NoSuchFileException: /dev/stdin
      at UnixException.translateToIOException (UnixException.java:92)
      at UnixException.rethrowAsIOException (UnixException.java:106)
      at UnixException.rethrowAsIOException (UnixException.java:111)
      at UnixPath.toRealPath (UnixPath.java:825)
      at (#1:1)
```

That change was introduced to avoid a regression, please see [this comment](https://github.com/openjdk/jdk/pull/16483#issuecomment-1881663782) (and the commit message).

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16483#discussion_r1572382025
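The regular / directory / other distinction discussed above, written out as a small stand-alone example (added here; this is illustrative code, not the PR's implementation, and the `resolveSecurityPropsPath` name and the exact error messages are assumptions). It shows why `toRealPath()` is only safe once the path is known to be a regular file, while a pipe such as `/dev/stdin` or a `<(...)` process substitution must fall back to `toAbsolutePath()`:

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;

public final class SecurityPropsPathDemo {

    /**
     * Resolve a security properties (or include) path the way the thread
     * describes. Hypothetical helper, not JDK code.
     *
     * - directory   -> reject, a properties file cannot be a directory
     * - regular     -> toRealPath(): follows symlinks, canonical location
     * - anything else (pipe, character device, process substitution)
     *               -> toAbsolutePath(): no filesystem lookup, so it cannot
     *                  throw NoSuchFileException the way toRealPath() does
     */
    static Path resolveSecurityPropsPath(Path p) throws IOException {
        if (Files.isDirectory(p)) {
            throw new IOException("security properties path is a directory: " + p);
        }
        if (Files.isRegularFile(p)) {
            return p.toRealPath();
        }
        return p.toAbsolutePath();
    }

    public static void main(String[] args) throws IOException {
        // With no arguments, reproduce the /dev/stdin case from the thread.
        String[] inputs = args.length > 0 ? args : new String[] {"/dev/stdin"};
        for (String s : inputs) {
            Path p = Path.of(s);
            System.out.println(s + " -> " + resolveSecurityPropsPath(p));
            try {
                // Direct call for comparison: fails for pipes/devices.
                System.out.println("  toRealPath(): " + p.toRealPath());
            } catch (NoSuchFileException e) {
                System.out.println("  toRealPath() failed: " + e);
            }
        }
    }
}
```

Run it as `java SecurityPropsPathDemo.java /etc/passwd <(echo include /etc) /etc` on Linux to see all three branches exercised.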
