You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Romain Dubois (JIRA)" <ji...@apache.org> on 2013/03/24 11:49:15 UTC
[jira] [Updated] (FELIX-3992) Classloader access outside of a
privileged block
[ https://issues.apache.org/jira/browse/FELIX-3992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Romain Dubois updated FELIX-3992:
---------------------------------
Description:
In method org.apache.felix.framework.ServiceRegistrationImpl.isClassAccessible(Class), there is an access to the registered ServiceFactory classloader (lines 163:169 in v4.2.1):
if ((m_factory != null)
&& (m_factory.getClass().getClassLoader() instanceof BundleReference)
&& !((BundleReference) m_factory.getClass()
.getClassLoader()).getBundle().equals(m_bundle))
{
return true;
}
If a bundle registers a service through a ServiceFactory and if there is an active ServiceListener matching this service, those lines are executed inside the registering bundle's protection domain.
If this bundle does not have the (java.util.RuntimePermission 'getClassloader') privilege, the getClassLoader invocation throws a SecurityException and the listener is always called because the exception is catched at line 526 (isAssignableTo) of the same class.
The comment inside the catch block does not seem to justify this case.
I think a simple privileged block around the bundle comparison is harmless and should fix this. It could be something like :
if (m_factory != null)
{
Bundle bundle = null;
if (System.getSecurityManager() == null)
{
if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
bundle = ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
}
}
else
{
bundle = AccessController.doPrivileged(new PrivilegedAction<Bundle>() {
public Bundle run() {
if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
return ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
}
return null;
}
});
}
if (bundle != null && bundle.equals(m_bundle)) {
return true;
}
}
was:
In method org.apache.felix.framework.ServiceRegistrationImpl.isClassAccessible(Class), there is an access to the registered ServiceFactory classloader (lines 163:169 in v4.2.1):
if ((m_factory != null)
&& (m_factory.getClass().getClassLoader() instanceof BundleReference)
&& !((BundleReference) m_factory.getClass()
.getClassLoader()).getBundle().equals(m_bundle))
{
return true;
}
If abundle registers a service through a ServiceFactory and if there is an active ServiceListener matching this service, those lines are executed inside the registering bundle's protection domain.
If this bundle does not have the (java.util.RuntimePermission 'getClassloader') privilege, the getClassLoader invocation throws a SecurityException and the listener is always called because the exception is catched at line 526 (isAssignableTo) of the same class.
The comment inside the catch does not seem to justify this case.
I think a simple privileged block around the bundle comparison is harmless and should fix this. It could be something like :
if (m_factory != null)
{
Bundle bundle = null;
if (System.getSecurityManager() == null)
{
if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
bundle = ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
}
}
else
{
bundle = AccessController.doPrivileged(new PrivilegedAction<Bundle>() {
public Bundle run() {
if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
return ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
}
return null;
}
});
}
if (bundle != null && bundle.equals(m_bundle)) {
return true;
}
}
> Classloader access outside of a privileged block
> ------------------------------------------------
>
> Key: FELIX-3992
> URL: https://issues.apache.org/jira/browse/FELIX-3992
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: framework-4.2.0
> Reporter: Romain Dubois
> Priority: Minor
> Labels: security
>
> In method org.apache.felix.framework.ServiceRegistrationImpl.isClassAccessible(Class), there is an access to the registered ServiceFactory classloader (lines 163:169 in v4.2.1):
> if ((m_factory != null)
> && (m_factory.getClass().getClassLoader() instanceof BundleReference)
> && !((BundleReference) m_factory.getClass()
> .getClassLoader()).getBundle().equals(m_bundle))
> {
> return true;
> }
> If a bundle registers a service through a ServiceFactory and if there is an active ServiceListener matching this service, those lines are executed inside the registering bundle's protection domain.
> If this bundle does not have the (java.util.RuntimePermission 'getClassloader') privilege, the getClassLoader invocation throws a SecurityException and the listener is always called because the exception is catched at line 526 (isAssignableTo) of the same class.
> The comment inside the catch block does not seem to justify this case.
> I think a simple privileged block around the bundle comparison is harmless and should fix this. It could be something like :
> if (m_factory != null)
> {
> Bundle bundle = null;
> if (System.getSecurityManager() == null)
> {
> if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
> bundle = ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
> }
> }
> else
> {
> bundle = AccessController.doPrivileged(new PrivilegedAction<Bundle>() {
> public Bundle run() {
> if ((m_factory.getClass().getClassLoader() instanceof BundleReference) {
> return ((BundleReference) m_factory.getClass().getClassLoader()).getBundle();
> }
> return null;
> }
> });
> }
>
> if (bundle != null && bundle.equals(m_bundle)) {
> return true;
> }
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira