Posted to notifications@logging.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2021/07/08 23:01:00 UTC
[jira] [Commented] (LOG4J2-3117) Log rollover throws AccessControlException if called from an unprivileged context
[ https://issues.apache.org/jira/browse/LOG4J2-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17377638#comment-17377638 ]
Gary D. Gregory commented on LOG4J2-3117:
-----------------------------------------
Note: The Security Manager is going away:
https://openjdk.java.net/jeps/411
> Log rollover throws AccessControlException if called from an unprivileged context
> ---------------------------------------------------------------------------------
>
> Key: LOG4J2-3117
> URL: https://issues.apache.org/jira/browse/LOG4J2-3117
> Project: Log4j 2
> Issue Type: Bug
> Reporter: Paul Burrowes
> Priority: Minor
>
> Similar to LOG4J2-150. When using a security manager, logging from an unprivileged context can attempt to access system properties directly. Attempting to hack around this with a custom {{RolloverStrategy}} shows that other privileged actions such as creating files during rollover (done directly in {{RollingFileManager}}) also fail. I believe rollover should be performed inside a {{doPrivileged}} block to address these issues.
> {code:java}
> java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.dir" "read")
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
> at java.lang.System.getProperty(System.java:717)
> at java.io.UnixFileSystem.resolve(UnixFileSystem.java:133)
> at java.io.File.getAbsolutePath(File.java:556)
> at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:161)
> at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:66)
> at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:369)
> at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:278)
> at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:218)
> at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:267)
> at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
> at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
> at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
> at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
> at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
> at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
> at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
> at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
> at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
> at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
> at org.apache.log4j.Category.maybeLog(Category.java:452)
> at org.apache.log4j.Category.info(Category.java:262)
> at MySipServlet.sendInviteToMediaServer(MySipServlet.java:614)
> at MySipServlet.doInvite(MySipServlet.java:119)
> at javax.servlet.sip.SipServlet.doRequest(Unknown Source)
> at MySipServlet.doRequest(MySipServlet.java:768)
> at javax.servlet.sip.SipServlet.service(Unknown Source)
> at MyServletHandler$2.call(MyServletHandler.java:344)
> at MyServletHandler$2.call(MyServletHandler.java:341)
> at MyEventHandler.doInvocation(MyEventHandler:182)
> at MyEventHandler.deliverEvent(MyEventHandler:154)
> at MyEventHandler.processEvent(MyEventHandler:98)
> at MyEventRouter.run(MyEventRouter:100)
> at MyContextLogger$1.run(MyContextLogger:24)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at MyExecutorThreadFactory$1$1.run(MyExecutorThreadFactory:458)
> {code}
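Added example (not part of the original message and not Log4j code): a Python triage helper that reads an `AccessControlException` trace like the one in the report, extracts the denied permission, and lists the classes whose protection domains the stack walk had to consult, which shows why the absence of a `doPrivileged` frame pulls the unprivileged servlet into the check. The function name `triage`, the `JDK_PREFIXES` list and the abridged sample are assumptions made for this illustration.

```python
import re

# Abridged from the trace in the report above (innermost frame first).
SAMPLE_TRACE = """\
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.dir" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.System.getProperty(System.java:717)
    at java.io.File.getAbsolutePath(File.java:556)
    at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:161)
    at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:369)
    at org.apache.log4j.Category.info(Category.java:262)
    at MySipServlet.doInvite(MySipServlet.java:119)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
"""

DENIED = re.compile(r'access denied \("([^"]+)" "([^"]+)"(?: "([^"]+)")?\)')
# Accepts plain and mail-quoted ("> at ...") frame lines.
FRAME = re.compile(r'^[>\s]*at\s+([\w.$]+)\.([\w$<>]+)\(', re.M)
# Assumption: classes under these prefixes are JDK classes holding AllPermission.
JDK_PREFIXES = ("java.", "jdk.", "sun.")


def triage(trace):
    """Summarise an AccessControlException trace (hypothetical helper)."""
    denied = DENIED.search(trace)
    if denied is None:
        raise ValueError("no 'access denied' line in trace")
    frames = FRAME.findall(trace)  # (class, method), innermost first
    # The permission check walks outward and stops at the caller of the
    # nearest AccessController.doPrivileged; without one it covers every frame.
    cut = next((i for i, (cls, meth) in enumerate(frames)
                if cls == "java.security.AccessController" and meth == "doPrivileged"), None)
    checked = frames if cut is None else frames[:cut + 2]
    needs_grant = []
    for cls, _ in checked:
        if not cls.startswith(JDK_PREFIXES) and cls not in needs_grant:
            needs_grant.append(cls)
    ptype, name, actions = denied.groups()
    policy = f'permission {ptype} "{name}"' + (f', "{actions}"' if actions else "") + ";"
    return {
        "policy_line": policy,  # policy-file entry each listed class would need
        "trigger": next((f"{c}.{m}" for c, m in frames if not c.startswith(JDK_PREFIXES)), None),
        "privileged_boundary": cut is not None,
        "classes_needing_grant": needs_grant,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On the sample, `classes_needing_grant` ends with `MySipServlet`; with a `doPrivileged` frame between the rollover code and the application frames, the list would stop at the Log4j classes.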