JDK-8016046 : (process) Strict validation of input should be security manager case only [win]
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.lang
  • Affected Version: 7u21,7u25,8
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2013-06-06
  • Updated: 2017-05-17
  • Resolved: 2013-06-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7 JDK 8
5.0u55Fixed 6-poolResolved 7u40Fixed 8 b96Fixed
Related Reports
Duplicate :  
Relates :  
Description
The changes in JDK-8005942 (with follow up changes JDK-8009463 and JDK-8012453) involve parsing the command-line input to determine the command and arguments parts. The parsing includes checking for quoting and other special cases such as CMD and BAT files.

These changes are causing huge pain to developers and customers that have been using Runtime.exec and ProcessBuilder in insecure and sloppy ways. In summary we cannot change the JDK to impose rules around quoting and special cases after 15 years without causing major breakage and compatibility issues for customers and developers.

This bug is submitted to re-visit this topic with a view to only imposing the strict parsing and checking when there is a security manager set. When not running with a security manager then the JDK should just pass the command to Windows as it always did. Clearly there is still potential for breakage when running with a security manager but any usages of Runtime.exec and ProcessBuilder in this context need to be done in a secure manner.

One downside of reverting to long standing behavior that developers will continue to use Runtime.exec in sloppy ways. One possible aid would be to introduce a property that allows developers to strict parsing. If the diagnostic output is good then it would help developers to create the command strings correctly.


Comments
Verified with jdk8/b97 with provided regression test.
05-07-2013

SQE is OK with this fix
20-06-2013

I will approve this - provided that 1) there's SQE-OK and 2) the release team reviews and doesn't have any concerns. Please get SQE to review and mark with SQE-OK if they agree to this fix
20-06-2013