RFR: 8352728: InternalError loading java.security due to Windows parent folder permissions [v14]
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Fri Dec 5 20:17:00 UTC 2025
On Fri, 5 Dec 2025 20:09:22 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:
>> Yes, it's good to see how this behaves on other programs, especially in configuration files. I know `krb5.conf` also supports it but it requires the included file having an absolute path.
>>
>>> Would you think that such a change requires a CSR?
>>
>> Maybe not. I see nowhere in its description in `java.security` talking about relative path resolution, so you have no specification to update.
>>
>> A release note is enough, IMO.
>
> Git behaves as C, it doesn't resolve symlinks:
>
>
> # Backup user's config and prepare git config files
> mv ~/.gitconfig{,.bak}
>
> cat >/tmp/main.config <<'EOF'
> [include]
> path = included.config
> EOF
>
> cat >/tmp/included.config <<'EOF'
> [section]
> key = "/tmp/included.config was included"
> EOF
>
> cat >~/included.config <<'EOF'
> [section]
> key = "~/included.config was included"
> EOF
>
> # Link ~/.gitconfig -> /tmp/main.config
> ln -s /tmp/main.config ~/.gitconfig
>
> # Check which file is included (ensure CWD is anything else)
> git -C / config section.key
>
> # Cleanup and restore user's config
> rm ~/.gitconfig ~/included.config /tmp/included.config /tmp/main.config
> mv ~/.gitconfig{.bak,}
>
>
> Output:
>
> ~/included.config was included
OpenSSL deals with relative paths differently, [they resolve against the application's CWD](https://www.openssl.org/docs/man1.1.1/man5/config.html#:~:text=Relative%20paths,as%20expected%2e):
> Relative paths are evaluated based on the application current working directory so unless the configuration file containing the `.include` directive is application specific the inclusion will not work as expected.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24465#discussion_r2593860774
More information about the security-dev
mailing list