openjdk team mailing list archive

Thread
Date

[Bug 224455] Re: open jdk 6 truststore points to privileged access area

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <224455@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Feb 2011 08:09:25 -0000
Reply-to: Bug 224455 <224455@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: icedtea
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/224455

Title:
  open jdk 6 truststore points to privileged access area

Status in GlassFish:
  Unknown
Status in Iced Tea:
  Invalid
Status in “openjdk-6” package in Ubuntu:
  Fix Released

Bug description:
  open jdk 6 truststore setting "javax.net.ssl.trustStore" i.e
  "/etc/ssl/certs/ca-certificates.crt " points to an area in the
  filesystem (/etc/ssl) that usually requires privileged access for
  read, write and execute.

  So any app run as a regular user that were to implicitly depend on the
  default truststore could end up not working in Ubuntu unless they
  overrode with a custom system prop which they were not earlier doing.
  This may be a problem for Java apps that did not have such an setting
  made earlier.

  Seems to be by the following icedtea patch,
  http://icedtea.classpath.org/hg/icedtea6/file/d0081b7856c8/patches/icedtea-certbundle.patch 

  The "javax.net.ssl.trustStorePassword" has been set to an empty string
  too. Why?

References

[Bug 224455] [NEW] open jdk 6 truststore points to privileged access area
From: Nitya Doraisamy, 2008-04-29