openjdk team mailing list archive

Thread
Date

[Bug 596688] Re: code from privileged sources executed with restricted permissions

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <596688@xxxxxxxxxxxxxxxxxx>
Date: Wed, 31 Aug 2011 16:09:39 -0000
Reply-to: Bug 596688 <596688@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/596688

Title:
  code from privileged sources executed with restricted permissions

Status in “openjdk-6” package in Ubuntu:
  Confirmed

Bug description:
  When executing a Java applet or calling Java directly from Firefox
  chrome:// code (e.g., Firefox extensions), the code should be granted
  AllPermissions. Given that chrome:// code has shell execution
  privileges, this is not a security hole. Permissions are handled
  properly by the Sun NPRuntime Java plug-in, and were handled mostly
  properly by the old OJI/LiveConnect plug-in.

  Running the following from a Firefox overlay:

  new
  java.net.URLClassLoader(java.lang.reflect.Array.newInstance(java.lang.Class.forName("java.net.URL"),
  0));

  produces the following error in icedtea6-plugin-6b18-1.8-0ubuntu1

  java.lang.reflect.InvocationTargetException
  	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
  	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
  	at sun.applet.PluginAppletSecurityContext$6.run(PluginAppletSecurityContext.java:1050)
  	at java.security.AccessController.doPrivileged(Native Method)
  	at sun.applet.PluginAppletSecurityContext.handleMessage(PluginAppletSecurityContext.java:1047)
  	at sun.applet.AppletSecurityContextManager.handleMessage(AppletSecurityContextManager.java:69)
  	at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:273)
  	at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
  Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
  	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
  	at java.security.AccessController.checkPermission(AccessController.java:553)
  	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
  	at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:282)
  	at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
  	at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:194)
  	at java.lang.ClassLoader.<init>(ClassLoader.java:243)
  	at java.security.SecureClassLoader.<init>(SecureClassLoader.java:94)
  	at java.net.URLClassLoader.<init>(URLClassLoader.java:130)
  	... 10 more
  Error on Java side: LiveConnectPermissionNeeded access denied (java.lang.RuntimePermission createClassLoader)

  This same code executes without a hitch in the sun-java6-plugin-6
  .20dlj-1ubuntu3. This is currently preventing the Zotero OpenOffice
  plug-in from working on a default Ubuntu installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/596688/+subscriptions

References

[Bug 596688] [NEW] code from privileged sources executed with restricted permissions
From: Simon Kornblith, 2010-06-20