
List:       openjdk-nashorn-dev
Subject:    Re: jjs with support for Security Manager?
From:       Bernd Eckenfels <ecki () zusammenkunft ! net>
Date:       2014-02-05 10:22:19
Message-ID: 20140205112219.000078f9.ecki () zusammenkunft ! net

Hello,

On Wed, 05 Feb 2014 12:38:45 +0530,
"A. Sundararajan" <sundararajan.athijegannathan@oracle.com> wrote:
> The -D System properties are set after jjs tool is initialized. If
> you want System properties to be initialized before VM is
> initialized, you should use -J-D.
> 
> jjs -J-Djava.security.manager foo.js
> 
> This is true of all JDK bin tools. Any -J option is passed to the VM.

Yes true, I haven't thought of it because jjs supports the -D syntax and
the property is actually set (but obviously too late).

So with "jjs -J-Djava.security.manager" I can actually start an instance
where the SM is enabled. If I use it to start a *.js file it actually
works (the default permissions granted apply - see below).

However in interactive mode the policy does not match. Not sure if this
is a required function (it would be certainly good for testing):


$ export JAVA_HOME=/c/Program\ Files/Java/jdk1.8.0/
$ cat $TEMP/sec.js
var System = Java.type("java.lang.System")
System.out.printf("java.version=%s%n", System.getProperty("java.version"))
exit(2) // expected to fail

$ "$JAVA_HOME/bin/jjs" -J-Djava.security.manager $TEMP/sec.js
java.version=1.8.0
Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.2")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkExit(SecurityManager.java:761)
        at java.lang.Runtime.exit(Runtime.java:107)
        at java.lang.System.exit(System.java:968)
        at jdk.nashorn.internal.objects.Global.exit(Global.java:889)
        at jdk.nashorn.internal.scripts.Script$sec.runScript(C:/Users/eckenfel/AppData/Local/Temp/sec.js:3)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:498)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:206)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:378)
        at jdk.nashorn.tools.Shell.apply(Shell.java:381)
        at jdk.nashorn.tools.Shell.runScripts(Shell.java:310)
        at jdk.nashorn.tools.Shell.run(Shell.java:166)
        at jdk.nashorn.tools.Shell.main(Shell.java:130)
        at jdk.nashorn.tools.Shell.main(Shell.java:109)
$ "$JAVA_HOME/bin/jjs" -J-Djava.security.manager
jjs> java.lang.System.getProperty("java.version")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")

