You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Karl Pauls (JIRA)" <ji...@apache.org> on 2013/03/25 12:45:15 UTC

[jira] [Assigned] (FELIX-3992) Classloader access outside of a privileged block

     [ https://issues.apache.org/jira/browse/FELIX-3992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karl Pauls reassigned FELIX-3992:
---------------------------------

    Assignee: Karl Pauls

Looks like something like your patch would make sense. Thanks, I'll try to get to it soon...
                
> Classloader access outside of a privileged block
> ------------------------------------------------
>
>                 Key: FELIX-3992
>                 URL: https://issues.apache.org/jira/browse/FELIX-3992
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: framework-4.2.0
>            Reporter: Romain Dubois
>            Assignee: Karl Pauls
>            Priority: Minor
>              Labels: security
>
> In method org.apache.felix.framework.ServiceRegistrationImpl.isClassAccessible(Class), there is an access to the registered ServiceFactory classloader (lines 163:169 in v4.2.1):
>         if ((m_factory != null)
>             && (m_factory.getClass().getClassLoader() instanceof BundleReference)
>             && !((BundleReference) m_factory.getClass()
>                 .getClassLoader()).getBundle().equals(m_bundle))
>         {
>             return true;
>         }
> If a bundle registers a service through a ServiceFactory and if there is an active ServiceListener matching this service, those lines are executed inside the registering bundle's protection domain.
> If this bundle does not have the (java.util.RuntimePermission 'getClassloader') privilege, the getClassLoader invocation throws a SecurityException and the listener is always called because the exception is catched at line 526 (isAssignableTo) of the same class.
> The comment inside the catch block does not seem to justify this case.
> I think a simple privileged block around the bundle comparison is harmless and should fix this. It could be something like :
>         if (m_factory != null)
>         {
>             Bundle bundle = null;
>             if (System.getSecurityManager() == null)
>             {
>                 if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
>                     bundle = ((BundleReference) m_factory.getClass().getClassLoader()).getBundle(); 
>                 }
>             }
>             else
>             {
>                 bundle = AccessController.doPrivileged(new PrivilegedAction<Bundle>() {
>                     public Bundle run() {
>                         if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
>                             return ((BundleReference) m_factory.getClass().getClassLoader()).getBundle(); 
>                         }       
>                         return null;
>                     }
>                 });
>             }
>             
>             if (bundle != null && bundle.equals(m_bundle)) {
>                 return true;
>             }
>         }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira