RFR: 8352728: InternalError loading java.security due to Windows parent folder permissions [v14]

Weijun Wang weijun at openjdk.org
Sun Dec 7 02:56:59 UTC 2025 

On Fri, 5 Dec 2025 22:34:26 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

>> Apache HTTP Server [resolves against the defined `ServerRoot` directory](https://httpd.apache.org/docs/current/mod/core.html#include:~:text=Or%2C%20providing%20paths,conf/vhosts/*.conf):
>>> Or, providing paths relative to your [`ServerRoot`](https://httpd.apache.org/docs/current/mod/core.html#serverroot) directory:
>>>
>>>     Include conf/ssl.conf
>>>     Include conf/vhosts/*.conf
>
> I have pushed the changes to proceed without resolution (9f298af59431507a66e3141c54abb59fcf3666f6, 2a012397baf0599e7dbe209975b3b353c3de5617, 1178544bda12bb4a6cd4d4400dad618292f29151, c33bf62c2831acefd90ec476fcfb6d853be873ee).
> 
> Since we are no longer resolving paths, we can incur in some relative paths complexity, which is perhaps not very friendly in debug message logs. Each relative include can potentially introduce some `../`, which will accumulate if paths are not resolved.
> 
> So we can end with paths like the following one:
> 
> /basedir/jdk/conf/security/../../../properties/dir1/../../jdk/conf/security/other.properties
> 
> 
> Which could be simply logged as:
> 
> /basedir/jdk/conf/security/other.properties
> 
> 
> So even when I already adjusted the test case, is perhaps better to undo the test changes and try to beautify the paths in debugging messages (but with `LinkOption.NOFOLLOW_LINKS`, to avoid confusion):
> 
> diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
> index 36021f42862..533072b0d08 100644
> --- a/src/java.base/share/classes/java/security/Security.java
> +++ b/src/java.base/share/classes/java/security/Security.java
> @@ -311,8 +311,13 @@ private static void loadFromUrl(URL url, LoadingMode mode)
>          private static void debugLoad(boolean start, Object source) {
>              if (sdebug != null) {
> +                if (source instanceof Path path) {
> +                    try {
> +                        source = path.toRealPath(LinkOption.NOFOLLOW_LINKS);
> +                    } catch (IOException ignore) {}
> +                }
>                  int level = activePaths.isEmpty() ? 1 : activePaths.size();
>                  sdebug.println((start ?
>                          ">".repeat(level) + " starting to process " :
>                          "<".repeat(level) + " finished processing ") + source);
>              }
>          }
> 
> 
> 
> NOTE: even with `LinkOption.NOFOLLOW_LINKS`, `path.toRealPath()` fails for the problematic cases, so it would be just a best effort to make the paths clearer for the user.
> 
> What do you think?

I thought `normalize` will remove those `..` inside?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24465#discussion_r2595863996

More information about the security-dev mailing list