Posted to notifications@logging.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2021/07/08 23:01:00 UTC

[jira] [Commented] (LOG4J2-3117) Log rollover throws AccessControlException if called from an unprivileged context

    [ https://issues.apache.org/jira/browse/LOG4J2-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17377638#comment-17377638 ] 

Gary D. Gregory commented on LOG4J2-3117:
-----------------------------------------

Note: The Security Manager is going away:
https://openjdk.java.net/jeps/411

> Log rollover throws AccessControlException if called from an unprivileged context
> ---------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3117
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3117
>             Project: Log4j 2
>          Issue Type: Bug
>            Reporter: Paul Burrowes
>            Priority: Minor
>
> Similar to LOG4J2-150. When using a security manager, logging from an unprivileged context can attempt to access system properties directly. Attempting to hack around this with a custom {{RolloverStrategy}} shows that other privileged actions such as creating files during rollover (done directly in {{RollingFileManager}}) also fail. I believe rollover should be performed inside a {{doPrivileged}} block to address these issues. 
> {code:java}
> java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.dir" "read")
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>         at java.security.AccessController.checkPermission(AccessController.java:884)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>         at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
>         at java.lang.System.getProperty(System.java:717)
>         at java.io.UnixFileSystem.resolve(UnixFileSystem.java:133)
>         at java.io.File.getAbsolutePath(File.java:556)
>         at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:161)
>         at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:66)
>         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:369)
>         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:278)
>         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:218)
>         at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:267)
>         at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
>         at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
>         at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
>         at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
>         at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
>         at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
>         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
>         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
>         at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
>         at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
>         at org.apache.log4j.Category.maybeLog(Category.java:452)
>         at org.apache.log4j.Category.info(Category.java:262)
>         at MySipServlet.sendInviteToMediaServer(MySipServlet.java:614)
>         at MySipServlet.doInvite(MySipServlet.java:119)
>         at javax.servlet.sip.SipServlet.doRequest(Unknown Source)
>         at MySipServlet.doRequest(MySipServlet.java:768)
>         at javax.servlet.sip.SipServlet.service(Unknown Source)
>         at MyServletHandler$2.call(MyServletHandler.java:344)
>         at MyServletHandler$2.call(MyServletHandler.java:341)
>         at MyEventHandler.doInvocation(MyEventHandler:182)
>         at MyEventHandler.deliverEvent(MyEventHandler:154)
>         at MyEventHandler.processEvent(MyEventHandler:98)
>         at MyEventRouter.run(MyEventRouter:100)
>         at MyContextLogger$1.run(MyContextLogger:24)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>         at MyExecutorThreadFactory$1$1.run(MyExecutorThreadFactory:458)
>  {code}



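Added example, not part of the original message and not Log4j's code: a minimal sketch of the {{doPrivileged}} wrapping the reporter proposes, applied to the rename step that fails in the trace. The class name PrivilegedRename and its rename method are hypothetical, and the sketch assumes the target path comes from trusted configuration rather than from the unprivileged caller.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper (not Log4j code): performs a rollover-style rename with
// the permissions of this class's own protection domain.
public final class PrivilegedRename {

    // With a security manager installed, a permission check walks the whole
    // call stack. doPrivileged stops that walk at this frame, so the
    // unprivileged servlet frames in the trace no longer fail the check.
    // Keep the block small: it lends this library's permissions to whoever
    // calls it, so the paths must not be attacker-controlled.
    @SuppressWarnings("removal") // AccessController is deprecated for removal (JEP 411)
    public static File rename(final File source, final File target) throws IOException {
        try {
            return AccessController.doPrivileged((PrivilegedExceptionAction<File>) () -> {
                // getAbsolutePath() reads "user.dir" for relative paths; this is
                // the call that raised AccessControlException in the report.
                final File absTarget = new File(target.getAbsolutePath());
                Files.move(source.toPath(), absTarget.toPath(),
                        StandardCopyOption.REPLACE_EXISTING);
                return absTarget;
            });
        } catch (final PrivilegedActionException e) {
            // Only checked exceptions are wrapped; the action throws only IOException.
            throw (IOException) e.getException();
        }
    }

    public static void main(final String[] args) throws IOException {
        // Constructed sample input: a temp file standing in for the active log.
        final File active = File.createTempFile("app", ".log");
        final File rolled = new File(active.getParentFile(), active.getName() + ".1");
        final File result = rename(active, rolled);
        System.out.println(result.exists() && !active.exists());
    }
}
```

The policy must still grant the library's own code source the "user.dir" read PropertyPermission and the relevant FilePermission; doPrivileged only removes the callers further up the stack from the check.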