JDK-8154009 : Some methods of java.security.Security require more permissions, than necessary
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6,7,8
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-04-11
  • Updated: 2016-10-13
  • Resolved: 2016-06-09
JDK 8: 8u112 b01 (Fixed)
Description
If I use the getProviders method from the java.security.Security class with a security manager, I would have to specify the following permissions:

grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.lang.RuntimePermission "loadLibrary.*";
        permission java.io.FilePermission "<<ALL FILES>>", "read";
        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
};

The same is applicable to the addProvider method.
That is, the above-mentioned permissions should be added to the SecurityPermission("insertProvider."+provider.getName()) mentioned in the specification.

Those additional permissions are present in the java.policy file stored inside the JDK. But it looks rather strange to me that a simple request to getProviders would work only if I explicitly allow loading the full list of providers.

This problem can be identified only if we switch off usage of the policy file declared in the standard JDK. To do so, we need to call java like the following:

        <JDK_path>/bin/java -Djava.security.manager -Djava.security.policy==<policy_file>
Comments
[~akosarev] Do we still have a problem given the below stack trace? [1] I was going to add extra permissions to the test policy file, but your approach in this fix suggests that such config issues should be a silent provider-load failure if certain permissions are lacking to initialize a provider. Would you regard a missing permission to read sunpkcs11-solaris.cfg for the SunPKCS11 provider as the same issue? Should we fail or continue?

java.lang.ExceptionInInitializerError
        at UnboundSSL.start(UnboundSSL.java:78)
        at UnboundSSL.main(UnboundSSL.java:48)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        <snip>
Caused by: java.security.ProviderException: Error parsing configuration
        at sun.security.pkcs11.Config.getConfig(Config.java:88)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
        at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
        at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
        at sun.security.jca.ProviderList$3.get(ProviderList.java:148)
        at sun.security.jca.ProviderList$3.get(ProviderList.java:143)
        at java.util.AbstractList$Itr.next(AbstractList.java:358)
        at java.security.SecureRandom.getPrngAlgorithm(SecureRandom.java:558)
        at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:194)
        at java.security.SecureRandom.<init>(SecureRandom.java:162)
        at KDC.<clinit>(KDC.java:127)
        ... 8 more
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/jdk/8u112/fcs/b07/binaries/solaris-sparcv9/jre/lib/security/sunpkcs11-solaris.cfg" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at java.io.FileInputStream.<init>(FileInputStream.java:127)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at sun.security.pkcs11.Config.<init>(Config.java:211)
        at sun.security.pkcs11.Config.getConfig(Config.java:84)
09-08-2016

The simple code below can break if we call the program like this:

        <JDK_path>/bin/java -Djava.security.manager -Djava.security.policy==./policy TerminalFactorySpiTest

where the policy file is empty.

        import java.security.Security;
        import java.util.Arrays;

        public class TerminalFactorySpiTest {
            public static void main(String[] args) throws Exception {
                try {
                    // Forces every configured provider to load under the security manager.
                    System.out.println(Arrays.asList(Security.getProviders()));
                } catch (ExceptionInInitializerError err) {
                    err.printStackTrace();
                }
            }
        }

Stack trace:

java.lang.ExceptionInInitializerError
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
        at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)
        at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)
        at sun.security.jca.Providers.getFullProviderList(Providers.java:129)
        at java.security.Security.getProviders(Security.java:421)
        at TerminalFactorySpiTest.main(TerminalFactorySpiTest.java:11)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.sunmscapi)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:549)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
        at java.lang.Runtime.loadLibrary0(Runtime.java:817)
        at java.lang.System.loadLibrary(System.java:1028)
        at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:32)
        at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:30)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:30)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
        at sun.security.jca.ProviderList.loadAll(ProviderList.java:264)
        at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:281)
        at sun.security.jca.Providers.getFullProviderList(Providers.java:129)
        at java.security.Security.getProviders(Security.java:421)
30-05-2016
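
Added example (not part of the bug report or of the JDK): a small Python helper that reads the "access denied" messages in both layouts seen in the two stack traces above and prints the matching policy-file permission lines, so a test policy can grant exactly what was denied instead of "<<ALL FILES>>". The function names are hypothetical, and the split of target and actions in the unquoted layout is a heuristic.

```python
import re

# Two AccessControlException layouts appear in the traces on this page:
#   quoted:   access denied ("java.io.FilePermission" "/path" "read")
#   unquoted: access denied (java.lang.RuntimePermission loadLibrary.x)
QUOTED = re.compile(r'access denied \("([^"]+)" "([^"]*)"(?: "([^"]*)")?\)')
UNQUOTED = re.compile(r'access denied \(([\w.$]+) ([^()"]+)\)')


def parse_denial(line):
    """Return (permission_class, target, actions_or_None), or None if no denial."""
    m = QUOTED.search(line)
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = UNQUOTED.search(line)
    if not m:
        return None
    cls, rest = m.group(1), m.group(2).strip()
    # Heuristic: in the unquoted layout a trailing token is the action list.
    target, _, actions = rest.rpartition(" ")
    if not target:
        return cls, rest, None
    return cls, target, actions


def policy_entry(cls, target, actions=None):
    """Render one policy-file permission line; backslashes and quotes are escaped."""
    esc = target.replace("\\", "\\\\").replace('"', '\\"')
    tail = f', "{actions}"' if actions else ""
    return f'permission {cls} "{esc}"{tail};'


def entries_from_trace(text):
    """Collect unique permission lines for every denial found in a stack trace."""
    seen = []
    for line in text.splitlines():
        denial = parse_denial(line)
        if denial:
            entry = policy_entry(*denial)
            if entry not in seen:
                seen.append(entry)
    return seen


# "Caused by" lines copied from the two stack traces on this page.
SAMPLE = '''Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/jdk/8u112/fcs/b07/binaries/solaris-sparcv9/jre/lib/security/sunpkcs11-solaris.cfg" "read")
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.sunmscapi)'''

if __name__ == "__main__":
    print("\n".join(entries_from_trace(SAMPLE)))
```

The printed lines belong inside the grant block for the code base whose frame triggered the check. Each exception reports only the first missing permission, so the run has to be repeated until the trace is clean.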