RFR: 8368692: Restrict Password::readPassword from reading from System.in

Weijun Wang weijun at openjdk.org
Thu Jan 29 21:38:54 UTC 2026 

On Thu, 29 Jan 2026 20:38:08 GMT, Naoto Sato <naoto at openjdk.org> wrote:

>> A new security/system property added to determine whether Java can read password from `System.in` if a console is not available.
>
> src/java.base/share/classes/sun/security/util/Password.java line 75:
> 
>> 73:                 } else if (in == System.in && !ALLOW_STDIN) {
>> 74:                     throw new UnsupportedOperationException("Console not available." +
>> 75:                             " Reading passwords from System.in is disallowed.");
> 
> Although I understand the meaning of this error, it might be a bit cryptic to the user. Using the term "password input from non-interactive terminal" or something along the lines might be easier.
> 
> Anyway, this "else if" clause can be merged with the following "else if", as "in == System.in" is repeated.

Can we just say "from standard input"? I'm not sure "non-interactive terminal" is precise. And yes, I can put another level of `if` there.

> src/java.base/share/conf/security/java.security line 1729:
> 
>> 1727: # environment variable or a file.
>> 1728: #
>> 1729: #jdk.security.password.allowSystemIn = true
> 
> Should this be uncommented? Otherwise the default value is `null`

This is our usual pattern in `java.security`. By commenting out the line, the property read is null but internally treated as "true".

> test/jdk/sun/security/tools/keytool/AllowSystemIn.java line 29:
> 
>> 27:  * @summary Restrict Password::readPassword from reading from System.in
>> 28:  * @library /test/lib
>> 29:  * @run main AllowSystemIn succeed
> 
> Adding tests to check the system property value (should either be `true` or `false`) would be helpful, as well as setting it to a bogus one.

I can add a bogus value but in a lot of cases the behavior is undefined. It could fail early or at called time. Anyway, this is an implementation detail and I can always adjust the test later.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743645058
PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743649789
PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743654112

More information about the security-dev mailing list