openjdk team mailing list archive

Thread
Date

[Bug 224455] Re: open jdk 6 truststore points to privileged access area

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: exactt <giesbert@xxxxxxxxx>
Date: Sat, 17 May 2008 10:42:18 -0000
Reply-to: Bug 224455 <224455@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

i just came here from https://bugs.launchpad.net/ubuntu/+source/icedtea-
java7/+bug/157721 . but with the ppa version i can't even run
http://www.java.com/en/download/help/testvm.xml . on the console i get:

TestVM 4.18 sc
Copyright (c) 2008 Sun Microsystems, Inc.
All Rights Reserved.
Current JRE version set in file: 605
GCJ PLUGIN: thread 0x622910: plugin_in_pipe_callback
GCJ PLUGIN: thread 0x622910: plugin_in_pipe_callback: setting status Ausnahme: java.lang.NumberFormatException: For input string: " "
  PIPE: plugin read: status Ausnahme: java.lang.NumberFormatException: For input string: " "
GCJ PLUGIN: thread 0x622910: plugin_in_pipe_callback return
  PIPE: appletviewer wrote: status Ausnahme: java.lang.NumberFormatException: For input string: " "
java.lang.NumberFormatException: For input string: " "
	at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
	at java.lang.Integer.parseInt(Integer.java:470)
	at java.lang.Integer.<init>(Integer.java:636)
	at testvmDynamicJavaCom.init(testvmDynamicJavaCom.java:195)
	at sun.applet.AppletPanel.run(AppletPanel.java:436)
	at java.lang.Thread.run(Thread.java:636)

-- 
open jdk 6 truststore points to privileged access area
https://bugs.launchpad.net/bugs/224455
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in GlassFish: Unknown
Status in Iced Tea: Confirmed
Status in Source Package "openjdk-6" in Ubuntu: Fix Released

Bug description:
open jdk 6 truststore setting "javax.net.ssl.trustStore" i.e "/etc/ssl/certs/ca-certificates.crt " points to an area in the filesystem (/etc/ssl) that usually requires privileged access for read, write and execute. 

So any app run as a regular user that were to implicitly depend on the default truststore could end up not working in Ubuntu unless they overrode with a custom system prop which they were not earlier doing. This may be a problem for Java apps that did not have such an setting made earlier. 

Seems to be by the following icedtea patch,
http://icedtea.classpath.org/hg/icedtea6/file/d0081b7856c8/patches/icedtea-certbundle.patch 

The "javax.net.ssl.trustStorePassword" has been set to an empty string too. Why?

References

[Bug 224455] [NEW] open jdk 6 truststore points to privileged access area
From: Nitya Doraisamy, 2008-04-29