You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by "Stu Halloway (DevelopMentor)" <st...@develop.com> on 2003/02/09 20:15:05 UTC
[PATCH] Main.runBuild does not need to setSecurityManager
Ant's runBuild makes an unnecessary call to setSecurityManager. This
causes problems when running Ant with security turned on because that's
a pretty sensitive permission to grant. :-)
I found this problem while testing PermissionSniffer [1], which is a
prototype interactive SecurityManager. Sniffing out defects was an
unexpected side effect.
Cheers,
Stu
[1] http://staff.develop.com/halloway/code/PermissionSniffer.html
----------------------------------------------------------
Stuart Halloway : staff.develop.com/halloway
DevelopMentor : www.develop.com
Essential Java : www.develop.com/courses/essjava
----------------------------------------------------------
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Steve Loughran <st...@iseran.com>.
----- Original Message -----
From: "Stu Halloway (DevelopMentor)" <st...@develop.com>
To: "Ant Developers List" <an...@jakarta.apache.org>
Sent: Tuesday, February 11, 2003 22:06
Subject: Re: [PATCH] Main.runBuild does not need to setSecurityManager
> >>I found this problem while testing PermissionSniffer [1], which is a
> >>prototype interactive SecurityManager. Sniffing out defects was an
> >>unexpected side effect.
> >
> >
> > hey, can you do Axis next? Or are you going to give us an <audit> ant
task
> > to include in the Gump?
> >
>
> Well, I have added an audit task to PermissionSniffer [1], but I don't
> know if it's what you had in mind. Take a look and let me know what
> other features you would like to see.
>
> I am writing an Axis lab for the class I am teaching next week and will
> take a pass with PermissionSniffer while I am at it.
ok.
>
> I haven't spent any time with the Gump yet, does my task need to do
> anything special to be Gump-friendly?
not usually
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by "Stu Halloway (DevelopMentor)" <st...@develop.com>.
>>I found this problem while testing PermissionSniffer [1], which is a
>>prototype interactive SecurityManager. Sniffing out defects was an
>>unexpected side effect.
>
>
> hey, can you do Axis next? Or are you going to give us an <audit> ant task
> to include in the Gump?
>
Well, I have added an audit task to PermissionSniffer [1], but I don't
know if it's what you had in mind. Take a look and let me know what
other features you would like to see.
I am writing an Axis lab for the class I am teaching next week and will
take a pass with PermissionSniffer while I am at it.
I haven't spent any time with the Gump yet, does my task need to do
anything special to be Gump-friendly?
Stu
[1] http://staff.develop.com/halloway/code/PermissionSniffer.html
----------------------------------------------------------
Stuart Halloway : staff.develop.com/halloway
DevelopMentor : www.develop.com
Essential Java : www.develop.com/courses/essjava
----------------------------------------------------------
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Steve Loughran <st...@iseran.com>.
----- Original Message -----
From: "Stu Halloway (DevelopMentor)" <st...@develop.com>
To: "ant-dev" <an...@jakarta.apache.org>
Sent: Sunday, February 09, 2003 11:15
Subject: [PATCH] Main.runBuild does not need to setSecurityManager
> Ant's runBuild makes an unnecessary call to setSecurityManager. This
> causes problems when running Ant with security turned on because that's
> a pretty sensitive permission to grant. :-)
this is interesting. There are actually plans to add a security manager
(optionally) into <java> to catch unplanned exits, but that is the only
place we'll need it. What you probably found was a half commented out bit of
work from, what, Ant 1.2 ?, with an attempt to set a security manager caught
the exits but introduced too much backwards incompatibility to be retained.
>
> I found this problem while testing PermissionSniffer [1], which is a
> prototype interactive SecurityManager. Sniffing out defects was an
> unexpected side effect.
hey, can you do Axis next? Or are you going to give us an <audit> ant task
to include in the Gump?
-steve
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by "Stu Halloway (DevelopMentor)" <st...@develop.com>.
> I'd also like to get your thoughts (and others) on an effective way to
> stop a non-forked Java program or a task from causing Ant to exit.
If the caller has (1) set a security manager that allows exit but
disallows SM replacement, and (2) is using Main instead of Project, then
there is not a lot we can do--but I don't have much sympathy for such
clients. :-)
It seems that we could handle most other cases by:
a. Only instantiate an SM at all if some flag is set. That way the only
people who have to deal with this weirdness are those fighting with
ill-behaved tasks.
b. If (flag set) and (version > 1.1) install our SM.
c. SM delegates calls to the previous SM if any, except for checkExit.
d. Instead of always throwing SecurityException, allow the client to
control which exception is thrown by setting some flag. This is a gross
hack based on the assumption that different ill-behaved programs might
eat different exceptions.
That still wouldn't be enough for all situations. I'd like to hear more
from Peter about known problems.
Cheers,
Stu
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Conor MacNeill <co...@cortexebusiness.com.au>.
Stu Halloway (DevelopMentor) wrote:
>
> Ant isn't using a SecurityManager (well, at least not at this point in
> the code). It's getting the one *I* set, then resetting it to the same
> value. This is a no-op except for the fact that Ant now asserts a
> permission that it doesn't need.
Agreed. This is the situation now and the code that is there is the "runt"
of an attempt to turn on a security manager that would prevent a task from
causing Ant to exit by calling System.exit(). This is the
NoExitSecurityManager. I think the reason that is not done was JDK 1.1
compatability although ISTR that Peter suggested setting the security
manager after some classes were loaded from the jar would cause a problem.
>
>> IOW, Main is the command line driver for Ant. If you are integrating
>> Ant into another environment with its own security manager, you should
>> be integrating Project.
>
>
> What if I am integrating Ant into a non-Java environment, and want to
> turn on security from the command line? Is this usage invalid?
>
Yes, that is valid. I think Erik should go ahead and apply your patch. I'd
also like to get your thoughts (and others) on an effective way to stop a
non-forked Java program or a task from causing Ant to exit.
Conor
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by "Stu Halloway (DevelopMentor)" <st...@develop.com>.
> Maybe nothing. Our use of a security manager shouldn't be an issue as
> this is for use from the command line.
Ant isn't using a SecurityManager (well, at least not at this point in
the code). It's getting the one *I* set, then resetting it to the same
value. This is a no-op except for the fact that Ant now asserts a
permission that it doesn't need.
> IOW, Main is the command line
> driver for Ant. If you are integrating Ant into another environment with
> its own security manager, you should be integrating Project.
What if I am integrating Ant into a non-Java environment, and want to
turn on security from the command line? Is this usage invalid?
Stu
----------------------------------------------------------
Stuart Halloway : staff.develop.com/halloway
DevelopMentor : www.develop.com
Essential Java : www.develop.com/courses/essjava
----------------------------------------------------------
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Conor MacNeill <co...@cortexebusiness.com.au>.
Erik Hatcher wrote:
>
> I'm guessing this is a trick question... :)
No, it was a genuine question :-) I'm at work and I haven't had much of a
chance to look at it.
>
> because oldsm doesn't appear to be used, except in the finally clause,
> and its setting the security manager back to what it already was.
>
> What am I (and Stu) missing?
>
Maybe nothing. Our use of a security manager shouldn't be an issue as this
is for use from the command line. IOW, Main is the command line driver for
Ant. If you are integrating Ant into another environment with its own
security manager, you should be integrating Project. Well, there are
probably issues to do with that statement, which I think we should address
as well.
Conor
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Erik Hatcher <ja...@ehatchersolutions.com>.
On Sunday, February 9, 2003, at 08:02 PM, Conor MacNeill wrote:
> Erik Hatcher wrote:
>> Any committers have thoughts on this patch?
>> It looks like a reasonable patch to apply, but I wanted to
>> double-check.
>
> Why do you think it is reasonable?
I'm guessing this is a trick question... :)
because oldsm doesn't appear to be used, except in the finally clause,
and its setting the security manager back to what it already was.
What am I (and Stu) missing?
Erik
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Conor MacNeill <co...@cortexebusiness.com.au>.
Erik Hatcher wrote:
> Any committers have thoughts on this patch?
>
> It looks like a reasonable patch to apply, but I wanted to double-check.
>
Why do you think it is reasonable?
Conor
Re: [PATCH] Main.runBuild does not need to setSecurityManager
Posted by Erik Hatcher <ja...@ehatchersolutions.com>.
Any committers have thoughts on this patch?
It looks like a reasonable patch to apply, but I wanted to double-check.
Erik
On Sunday, February 9, 2003, at 02:15 PM, Stu Halloway (DevelopMentor)
wrote:
> Ant's runBuild makes an unnecessary call to setSecurityManager. This
> causes problems when running Ant with security turned on because
> that's a pretty sensitive permission to grant. :-)
>
> I found this problem while testing PermissionSniffer [1], which is a
> prototype interactive SecurityManager. Sniffing out defects was an
> unexpected side effect.
>
> Cheers,
> Stu
>
> [1] http://staff.develop.com/halloway/code/PermissionSniffer.html
>
> ----------------------------------------------------------
> Stuart Halloway : staff.develop.com/halloway
> DevelopMentor : www.develop.com
> Essential Java : www.develop.com/courses/essjava
> ----------------------------------------------------------
>
> Index: jakarta-ant/src/main/org/apache/tools/ant/Main.java
> ===================================================================
> RCS file:
> /home/cvspublic/jakarta-ant/src/main/org/apache/tools/ant/Main.java,v
> retrieving revision 1.78
> diff -u -r1.78 Main.java
> --- jakarta-ant/src/main/org/apache/tools/ant/Main.java 9 Feb 2003
> 07:59:52 -0000 1.78
> +++ jakarta-ant/src/main/org/apache/tools/ant/Main.java 9 Feb 2003
> 18:56:54 -0000
> @@ -559,18 +559,6 @@
> PrintStream err = System.err;
> PrintStream out = System.out;
>
> - // use a system manager that prevents from System.exit()
> - // only in JDK > 1.1
> - SecurityManager oldsm = null;
> - if (!JavaEnvUtils.isJavaVersion(JavaEnvUtils.JAVA_1_0) &&
> - !JavaEnvUtils.isJavaVersion(JavaEnvUtils.JAVA_1_1)){
> - oldsm = System.getSecurityManager();
> -
> - //SecurityManager can not be installed here for
> backwards
> - //compatability reasons (PD). Needs to be loaded
> prior to
> - //ant class if we are going to implement it.
> - //System.setSecurityManager(new
> NoExitSecurityManager());
> - }
> try {
> project.setDefaultInputStream(System.in);
> System.setIn(new DemuxInputStream(project));
> @@ -611,12 +599,6 @@
>
> project.executeTargets(targets);
> } finally {
> - // put back the original security manager
> - //The following will never eval to true. (PD)
> - if (oldsm != null){
> - System.setSecurityManager(oldsm);
> - }
> -
> System.setOut(out);
> System.setErr(err);
> }
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ant-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: ant-dev-help@jakarta.apache.org