You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2021/01/26 12:56:58 UTC
[Bug 65106] New: ConfigFileLoader cannot properly handle file url
running with SecurityManager on openjdk 1.8
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
Bug ID: 65106
Summary: ConfigFileLoader cannot properly handle file url
running with SecurityManager on openjdk 1.8
Product: Tomcat 8
Version: 8.5.61
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: j.novak@quadient.com
Target Milestone: ----
Created attachment 37718
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37718&action=edit
zip file with screens
spring-boot 1.5.22 creates instance of Http11NioProtocol with certificate
keystore file defined with file url. Images set-url.png, set-url2.png.
When it reaches ConfigFileLoader, location is not absolute so it puts
catalina_base before file url creating "c:/tmp/catalina/file:/c:/tmp/my.jks".
Check if it is file throws AccessControlException (access denied
("java.io.FilePermission" "C:\tmp\120\a\catalina\file:\C:\tmp\120\key.jks"
"read")
). And it is impossible to create such a policy for SecurityManager.
- ConfigFileLoader.png
- ConfigFileLoader.png
- exception.png
getInputStream method can handle file url but when using SecurityManager under
zulu, correto.
Oracle java 1.8 works correctly. SecurityManager has no complains about such
weird path. Just openjdks have problem.
Fails on
- zulu openjdk newer - zulu8.42.0.23-ca-jdk8.0.232-win_x64
- correto 1.8.0_282
```
public static InputStream getInputStream(String location) throws IOException
{
File f = new File(location);
if (!f.isAbsolute()) {
f = new File(CATALINA_BASE_FILE, location);
}
if (f.isFile()) {
return new FileInputStream(f);
} else {
URI uri = getURI(location);
try {
URL url = uri.toURL();
return url.openConnection().getInputStream();
} catch (IllegalArgumentException var4) {
throw new
IOException(sm.getString("configFileLoader.cannotObtainURL", new
Object[]{location}), var4);
}
}
}
```
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #3 from Remy Maucherat <re...@apache.org> ---
I am inching towards a WONTFIX, since the only real solution is to use URLs
only. It would mean absolute file paths won't work, I believe, and this is not
possible. The rest would be fine.
I don't understand why "And it is impossible to create such a policy for
SecurityManager", can you explain a bit more ?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #10 from Remy Maucherat <re...@apache.org> ---
(In reply to Mark Thomas from comment #9)
> The best I can up with is if path starts with "file:/" or "<protocol>://"
> the code jumps directly to the URI handling. I'll work on a patch. I'm
> wondering how far to go optimizing the code. I'm thinking not far.
Ok. Yes, I don't think it needs to be super fast since this is for loading
configuration resources.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #5 from Mark Thomas <ma...@apache.org> ---
Rémy, what if we added a
if ("name.startsWith("file:/") {
....
}
block around the File and classloader case? Essentially short circuit to URI in
that case for getResource() and getURI(). Does that help?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #13 from Remy Maucherat <re...@apache.org> ---
It was fixed shortly after in 8.5.63.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #9 from Mark Thomas <ma...@apache.org> ---
The best I can up with is if path starts with "file:/" or "<protocol>://" the
code jumps directly to the URI handling. I'll work on a patch. I'm wondering
how far to go optimizing the code. I'm thinking not far.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #8 from Mark Thomas <ma...@apache.org> ---
Hmm. Thinking...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #2 from Jiri Novak <j....@quadient.com> ---
I understand but the current state is that tomcat won't start.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #6 from Mark Thomas <ma...@apache.org> ---
That should be:
if (*!*name...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #7 from Remy Maucherat <re...@apache.org> ---
(In reply to Mark Thomas from comment #5)
> Rémy, what if we added a
>
> if ("name.startsWith("file:/") {
> ....
> }
> block around the File and classloader case? Essentially short circuit to URI
> in that case for getResource() and getURI(). Does that help?
I think that would work for the reporter but still fail for other URLs. This
security check is annoying ...
Maybe detect a URL scheme, like if there's ':' in the path and no '/' before it
?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #4 from Jiri Novak <j....@quadient.com> ---
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path
[file:/C:/tmp/120/key.jks] due to [access denied ("java.io.FilePermission"
"C:\tmp\120\a\catalina\file:\C:\tmp\120\key.jks" "read")]
at
org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:227)
I have not found any way how to write such path to policy file so
SecurityManager can accept it.
permission java.io.FilePermission "file:${catalina.base}", "read";
permission java.io.FilePermission "${catalina.base}", "read";
permission java.io.FilePermission "file:${catalina.base}/", "read";
permission java.io.FilePermission "${catalina.base}/", "read";
permission java.io.FilePermission "file:${catalina.base}/-", "read";
permission java.io.FilePermission "${catalina.base}/-", "read";
permission java.io.FilePermission "file:${catalina.base}/*", "read";
permission java.io.FilePermission "${catalina.base}/*", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/-", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/*", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file:/C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file://C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file:///C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:\\tmp\\120\\a\\catalina\\file:\\C:\\tmp\\120\\key.jks", "read";
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
--- Comment #12 from Jiri Novak <j....@quadient.com> ---
Any chance it will be fixed to 8.5?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #11 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- 10.0.x for 10.0.2 onwards
- 9.0.x for 9.0.43 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65106] ConfigFileLoader cannot properly handle file url running
with SecurityManager on openjdk 1.8
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Remy Maucherat <re...@apache.org> ---
Ok, after checking the javadoc, I can see that isAbsolute is a safe call (no
security check) but isFile is not. Wrapping with a try/catch could be
reasonable, however it would also hide the exception when it is legitimate and
useful to have.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org