Posted to notifications@logging.apache.org by "Paul Burrowes (Jira)" <ji...@apache.org> on 2021/07/08 22:23:00 UTC

[jira] [Updated] (LOG4J2-3117) Log rollover throws AccessControlException if called from an unprivileged context

     [ https://issues.apache.org/jira/browse/LOG4J2-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Burrowes updated LOG4J2-3117:
----------------------------------
    Description: 
Similar to LOG4J2-150. When using a security manager, logging from an unprivileged context can attempt to access system properties directly. Attempting to hack around this with a custom {{RolloverStrategy}} shows that other privileged actions such as creating files during rollover (done directly in {{RollingFileManager}}) also fail. I believe rollover should be performed inside a {{doPrivileged}} block to address these issues. 
{code:java}
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.dir" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
        at java.lang.System.getProperty(System.java:717)
        at java.io.UnixFileSystem.resolve(UnixFileSystem.java:133)
        at java.io.File.getAbsolutePath(File.java:556)
        at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:161)
        at org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(FileRenameAction.java:66)
        at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:369)
        at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:278)
        at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:218)
        at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:267)
        at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
        at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
        at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
        at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
        at org.apache.log4j.Category.maybeLog(Category.java:452)
        at org.apache.log4j.Category.info(Category.java:262)
        at MySipServlet.sendInviteToMediaServer(MySipServlet.java:614)
        at MySipServlet.doInvite(MySipServlet.java:119)
        at javax.servlet.sip.SipServlet.doRequest(Unknown Source)
        at MySipServlet.doRequest(MySipServlet.java:768)
        at javax.servlet.sip.SipServlet.service(Unknown Source)
        at MyServletHandler$2.call(MyServletHandler.java:344)
        at MyServletHandler$2.call(MyServletHandler.java:341)
        at MyEventHandler.doInvocation(MyEventHandler:182)
        at MyEventHandler.deliverEvent(MyEventHandler:154)
        at MyEventHandler.processEvent(MyEventHandler:98)
        at MyEventRouter.run(MyEventRouter:100)
        at MyContextLogger$1.run(MyContextLogger:24)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at MyExecutorThreadFactory$1$1.run(MyExecutorThreadFactory:458)
 {code}

  was:
Similar to LOG4J2-150. When using a security manager, logging from an unprivileged context can attempt to access system properties directly. It is likely, though not yet tested, that other privileged actions such as creating files during rollover will also fail. I believe rollover should be performed inside a {{doPrivileged}} block.


> Log rollover throws AccessControlException if called from an unprivileged context
> ---------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3117
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3117
>             Project: Log4j 2
>          Issue Type: Bug
>            Reporter: Paul Burrowes
>            Priority: Minor



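The {{doPrivileged}} pattern the report proposes, as an added example that is not Log4j's code and not part of the original message. The class and method names are hypothetical, it targets the Java 8-era SecurityManager API seen in the trace, and it assumes both paths come from trusted logging configuration rather than from the calling code.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper for illustration; not a Log4j class.
public final class PrivilegedRollover {

    // Renames the active log file using only the permissions of this class's
    // own protection domain. doPrivileged stops the access-control stack walk
    // at this frame, so unprivileged callers further up the stack (the servlet
    // frames in the reported trace) are no longer consulted.
    // Assumption: source and target come from trusted configuration. Passing
    // caller-controlled paths into a privileged block creates a confused deputy.
    static boolean renameForRollover(final File source, final File target) throws IOException {
        try {
            return AccessController.doPrivileged((PrivilegedExceptionAction<Boolean>) () -> {
                // File.getAbsoluteFile() reads "user.dir" for relative paths:
                // the property check that failed in the reported trace.
                File src = source.getAbsoluteFile();
                File dst = target.getAbsoluteFile();
                File parent = dst.getParentFile();
                if (parent != null) {
                    Files.createDirectories(parent.toPath());
                }
                Files.move(src.toPath(), dst.toPath(), StandardCopyOption.REPLACE_EXISTING);
                return Boolean.TRUE;
            });
        } catch (PrivilegedActionException e) {
            // Unwrap the checked exception thrown inside the action.
            Exception cause = e.getException();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            throw new IOException(cause);
        }
    }

    public static void main(String[] args) throws IOException {
        File active = File.createTempFile("app", ".log"); // constructed sample file
        File rolled = new File(active.getParentFile(), active.getName() + ".1");
        System.out.println("rolled: " + renameForRollover(active, rolled));
        Files.deleteIfExists(rolled.toPath());
    }
}
```

The privileged block grants nothing by itself: the policy must still give the logging library's code base the PropertyPermission and FilePermission entries it needs, and the block should stay limited to the rollover file operations.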