United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-7175692 : (process) Process.exec should use posix_spawn [macosx]

Details
Type:
Enhancement
Submit Date:
2012-06-09
Status:
Closed
Updated Date:
2013-08-15
Project Name:
JDK
Resolved Date:
2013-08-15
Component:
core-libs
OS:
os_x
Sub-Component:
java.lang
CPU:
x86
Priority:
P2
Resolution:
Duplicate
Affected Versions:
7
Fixed Versions:
8

Related Reports
Duplicate:
Duplicate:

Sub Tasks

Description
FULL PRODUCT VERSION :
openjdk version "1.7.0-internal"
OpenJDK Runtime Environment (build 1.7.0-internal-marco_2012_06_01_11_35-b00)
OpenJDK 64-Bit Server VM (build 23.2-b03, mixed mode)

Also tried with:

java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b21)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b21, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Darwin Kernel Version 11.4.0 :xnu-1699.26.8~1/RELEASE_X86_64 x86_64

A DESCRIPTION OF THE PROBLEM :
If a process is executing inside the sandbox environment it will not be able to create child processes. All calls to Runtime.getRuntime().exec() will fail.

According to Apple documentation, the child process does not automatically inherit the entitlements of the parent unless it is spawn using posix_spawn.

  See also discussion on the macosx-port-dev OpenJDK mailing list at: http://mail.openjdk.java.net/pipermail/macosx-port-dev/2012-June/004375.html

REGRESSION.  Last worked in version 6u31

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile the code given below.
Create an entitlements file to activate the sandbox
Create and sign an application bundle (.app).
Run the application
See the error report in Console.app

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expect no errors.
ACTUAL -
Crash because of denied read access to /dev/fd

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Process:         JavaAppLauncher [72563]
Path:            /Users/user/Documents/Projects/runtimetest/dist/RuntimeTest.app/Contents/MacOS/JavaAppLauncher
Load Address:    0x102079000
Identifier:      JavaAppLauncher
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  JavaAppLauncher [72562]

Date/Time:       2012-06-09 09:14:28.933 +0100
OS Version:      Mac OS X 10.7.4 (11E53)
Report Version:  7

Backtrace:
0   libsystem_kernel.dylib        	0x00007fff89bbeafa __open_nocancel + 10
1   libsystem_c.dylib             	0x00007fff878a9033 __opendir2$INODE64 + 51
2   libjava.dylib                 	0x0000000102f1f60a Java_java_lang_UNIXProcess_forkAndExec + 1369
3                                 	0x0000000102f5ef90
4                                 	0x0000000102f532d4
5                                 	0x0000000102f53158
6                                 	0x0000000102f53333
7                                 	0x0000000102f53333
8                                 	0x0000000102f53333
9                                 	0x0000000102f53333
10                                	0x0000000102f53333
11                                	0x0000000102f4d4f7
12  libjvm.dylib                  	0x0000000102608a03 JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) + 557
13  libjvm.dylib                  	0x00000001026087d0 JavaCalls::call(JavaValue*, methodHandle, JavaCallArguments*, Thread*) + 40
14  libjvm.dylib                  	0x000000010262051e _ZL17jni_invoke_staticP7JNIEnv_P9JavaValueP8_jobject11JNICallTypeP10_jmethodIDP18JNI_ArgumentPusherP6Thread + 217
15  libjvm.dylib                  	0x0000000102619947 jni_CallStaticVoidMethod + 267
16  libjli.dylib                  	0x00000001022f44b2 JavaMain + 2481
17  libsystem_c.dylib             	0x00007fff8789c8bf _pthread_start + 335
18  libsystem_c.dylib             	0x00007fff8789fb75 thread_start + 13

Binary Images:
       0x1022f1000 -        0x1022fbfff +net.java.openjdk.jdk (1.0 - 1.7.0) <F8C53D5C-A85D-3247-AD96-76F82DD0258D> /Users/user/Documents/Projects/runtimetest/dist/RuntimeTest.app/Contents/PlugIns/jdk1.7.0.jdk/Contents/MacOS/libjli.dylib
       0x102383000 -        0x1029f7ff7 +libjvm.dylib (??? - ???) <DF9781A7-5E18-3759-9A06-8646D7DFA798> /Users/user/Documents/Projects/runtimetest/dist/RuntimeTest.app/Contents/PlugIns/jdk1.7.0.jdk/Contents/Home/jre/lib/server/libjvm.dylib
       0x102f14000 -        0x102f35fef +libjava.dylib (??? - ???) <461B31E1-915B-3E02-B801-FBF76ACA0119> /Users/user/Documents/Projects/runtimetest/dist/RuntimeTest.app/Contents/PlugIns/jdk1.7.0.jdk/Contents/Home/jre/lib/libjava.dylib
    0x7fff8784e000 -     0x7fff8792bfef  libsystem_c.dylib (763.13.0 - compatibility 1.0.0) <41B43515-2806-3FBC-ACF1-A16F35B7E290> /usr/lib/system/libsystem_c.dylib
    0x7fff89ba8000 -     0x7fff89bc8fff  libsystem_kernel.dylib (1699.26.8 - compatibility 1.0.0) <1DDC0B0F-DB2A-34D6-895D-E5B2B5618946> /usr/lib/system/libsystem_kernel.dylib
TextEdit(72452) deny mach-lookup com.apple.KernelExtensionServer

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.IOException;

public  class RuntimeTest {

    public static void main(String[] args) {
        try {
            Runtime.getRuntime().exec("ls");
        } catch(IOException ex) {
        }
    }
} 

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
None in Java. Writing some native code that uses NSTask and wrap it with JNI seems to work.

                                    

Comments
This has been fixed by the changes for JDK-5049299 in jdk8.
                                     
2013-08-15
EVALUATION

We should change the Process code to use posix_spawn for jdk8.
                                     
2012-06-09



Hardware and Software, Engineered to Work Together