Differences between revisions 3 and 4
Revision 3 as of 2013-11-06 00:06:50
Size: 9859
Comment:
Revision 4 as of 2013-11-08 05:10:12
Size: 10013
Comment:
Line 28: Line 28:
 . For examples of Privileged Block code, see: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/PrivilegedFileOpsForTests.java?revision=1537394&view=markup or http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TimeZoneTestSetup.java?revision=1524579&view=markup. However, this is in test code, but typically, you want to put Priviledged code in private methods, for example: http://svn.apache.org/viewvc/db/derby/code/trunk/java/tools/org/apache/derby/impl/tools/sysinfo/Main.java?view=markup  . For examples of Privileged Block code in derby source, see: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/PrivilegedFileOpsForTests.java?revision=1537394&view=markup or http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TimeZoneTestSetup.java?revision=1524579&view=markup. However, this is in test code, but typically, you want to put Priviledged code in private methods, for example: http://svn.apache.org/viewvc/db/derby/code/trunk/java/tools/org/apache/derby/impl/tools/sysinfo/Main.java?view=markup. And for more examples with explanation see this guide: http://docs.oracle.com/javase/7/docs/technotes/guides/security/doprivileged.html.
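Review bot: the revised line still carries the misspelling "Priviledged" and the run-on "However, this is in test code, but typically, you want to..." from revision 3. The new wording "in derby source" also sits awkwardly in front of two links that the same line then describes as test code. Suggest spelling it "Privileged" and splitting the sentence so the two test-code links and the sysinfo/Main.java link (the private-method example) are clearly distinguished. The added link to the doprivileged.html guide reads fine as a separate closing sentence.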

How to analyze a Security Manager Issue

Introduction

Java has the concept of a Security Manager. You can read up on this here: http://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html, and for more detail see http://docs.oracle.com/javase/7/docs/technotes/guides/security/ and http://www.oracle.com/technetwork/java/seccodeguide-139067.html.

In simple terms, running under SecurityManager involves the following aspects:

Debugging a Security Issue

Typically an indication that you are dealing with a security manager issue is that you get an "access denied" error. There are three types of Security Manager issues you might encounter:

  • security manager issues where a third-party or user application is at fault
  • security manager issues where the Java class library is at fault
  • security manager issues where the Derby code is at fault.

The first step to debugging a security manager issue is to determine which class library is at fault. First identify which Java API call is being made. For this you need the stack trace from the exception.

If the code is in a Derby user's application or in other third-party software, you're done; just point them to the stack trace. If it's the Java class library, you need to create a test case, with a program and a policy file, and report it to the vendor. If it's a Derby problem, you need to add a privileged block and/or adjust the policy files.

Example 1: Java Class Library

Step 1: Analyze the Stack Trace:

  • at java.security.AccessController.checkPermission(AccessController.java:108)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
    at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1286)
    at java.lang.System.getProperty(System.java:428)
    at java.lang.System.getProperty(System.java:412)
    at com.ibm.crypto.provider.IBMJCE.(Unknown Source)
    at java.lang.J9VMInternals.newInstanceImpl(Native Method)
    at java.lang.Class.newInstance(Class.java:1329)
    at org.apache.harmony.security.fortress.Services.newInstance(Services.java:853)
    at org.apache.harmony.security.fortress.Services.access$500(Services.java:55)
    at org.apache.harmony.security.fortress.Services$NormalServices.createProviderInstance(Services.java:286)
    at org.apache.harmony.security.fortress.Services$NormalServices.createDefaultProviderInstance(Services.java:253)
    at org.apache.harmony.security.fortress.Services$NormalServices.getService(Services.java:391)
    at org.apache.harmony.security.fortress.Services$NormalServices.access$2000(Services.java:128)
    at org.apache.harmony.security.fortress.Services.getService(Services.java:785)
    at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)
    at java.security.MessageDigest.getInstance(MessageDigest.java:75)
    at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.boot(Unknown Source)
    at org.apache.derby.impl.services.monitor.BaseMonitor.boot(Unknown Source)
    at org.apache.derby.impl.services.monitor.TopService.bootModule(Unknown Source)

In this example the Java API call that leads to the security exception is "java.security.MessageDigest.getInstance()", called from Derby's BasicAuthenticationServiceImpl.boot().

Step 2: Look at the java API javadoc

In the example above, this is:

Should this method throw a security exception? If not, as in this case, the problem is probably in the Java class library.

Step 3: Create a stand-alone java reproduction to report to the vendor

Step 3.a. Create a small java program with the call.

If the problem is a java class library issue, try to make a stand alone java reproduction to report to the vendor. First make a small java program with the call. Analyzing the source code will help. For example:

  • import java.security.*;

    public class TestMessageDigest {

        public static void main(String[] args) throws Exception {
            // With the security manager on and an empty policy, this call should still succeed.
            System.out.println(MessageDigest.getInstance("SHA-1"));
        }
    }

Step 3.b. Create a policy file

Next make a policy file. In this case we don't need any special permissions, so the policy file does not have any. See http://download.java.net/jdk8/docs/technotes/guides/security/permissions.html for a description of the available permissions.

  • //my.policy file
    grant codeBase "file:c:/repro/mesdigest"
    {
        // no permissions granted
    };

Step 3.c. Run with Security Manager

Next run the program with security manager on.

  • java -Djava.security.manager -Djava.security.policy=my.policy TestMessageDigest

Step 4: Report the problem to the vendor

Do this using your support channels.

Example 2: Derby Issue

The other kind of issue is one where we find that the Java class library is expected to throw a permission error, but Derby does not wrap the call in a privileged block. An example of such a case is DERBY-6349, where an intentional change to the Java class library caused a test failure.

Step 1: Analyze the Stack Trace

The failure had the following stack trace:

  • 1) DaylightSavingTestjava.security.AccessControlException: Access denied ("java.util.PropertyPermission" "user.timezone" "write")
           at java.security.AccessController.throwACE(AccessController.java:100)
            at .(Unknown Source)
            at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
            at java.util.TimeZone.hasPermission(TimeZone.java:756)
            at java.util.TimeZone.setDefault(TimeZone.java:778)
            at org.apache.derbyTesting.junit.TimeZoneTestSetup.setUp(TimeZoneTestSetup.java:59)
            at junit.extensions.TestSetup$1.protect(TestSetup.java:22)
            at junit.extensions.TestSetup.run(TestSetup.java:27)
            at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)

Here again we identify the Java API call: in this case TimeZone.setDefault(), called from TimeZoneTestSetup.
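Finding the first frame outside the class library, as done by eye in Example 1 and again here, can be automated. The following Java program is an added example, not code from Derby or from the original page; the class name SecurityTraceTriage, the list of class-library prefixes and the abbreviated sample frames are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class SecurityTraceTriage {
    // Assumed prefixes for class-library frames (covers the IBM/Harmony frames in Example 1).
    static final String[] LIBRARY = {"java.", "javax.", "sun.", "com.sun.", "com.ibm.",
                                     "org.apache.harmony."};
    static final Pattern FRAME = Pattern.compile("^\\s*at\\s+([\\w.$]+)\\.([\\w$<>]*)\\(");

    static boolean isLibrary(String cls) {
        for (String p : LIBRARY) if (cls.startsWith(p)) return true;
        return false;
    }

    /** Returns {API call, calling frame, owner of the calling frame}. */
    static String[] triage(List<String> trace) {
        String previous = null;                 // last class-library frame seen so far
        for (String line : trace) {
            Matcher m = FRAME.matcher(line);
            if (!m.find()) continue;            // exception message or damaged frame
            String cls = m.group(1), frame = cls + "." + m.group(2);
            if (!isLibrary(cls)) {              // first frame outside the class library
                // "org.apache.derby" also matches the org.apache.derbyTesting test classes
                String owner = cls.startsWith("org.apache.derby") ? "Derby" : "user or third-party code";
                return new String[] {previous, frame, owner};
            }
            previous = frame;
        }
        return new String[] {previous, null, "no caller outside the class library"};
    }

    public static void main(String[] args) {
        // Constructed input: frames abbreviated from the two traces on this page.
        List<String> example1 = Arrays.asList(
            "at java.lang.System.getProperty(System.java:428)",
            "at com.ibm.crypto.provider.IBMJCE.(Unknown Source)",
            "at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)",
            "at java.security.MessageDigest.getInstance(MessageDigest.java:75)",
            "at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.boot(Unknown Source)");
        List<String> example2 = Arrays.asList(
            "at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)",
            "at java.util.TimeZone.hasPermission(TimeZone.java:756)",
            "at java.util.TimeZone.setDefault(TimeZone.java:778)",
            "at org.apache.derbyTesting.junit.TimeZoneTestSetup.setUp(TimeZoneTestSetup.java:59)");
        for (List<String> t : Arrays.asList(example1, example2)) {
            String[] r = triage(t);
            System.out.println(r[0] + " <- " + r[1] + " [" + r[2] + "]");
        }
    }
}
```

The output names the API call to look up in the javadoc (Step 2). Deciding between a class-library fault and a missing privileged block in Derby still depends on what that javadoc says.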

Step 2: Look at the java API javadoc

The Derby code in TimeZoneTestSetup was doing this:

setDefault(requestedDefault);

where requestedDefault was a valid TimeZone object passed in. The superclass's setDefault method was called.

After checking with the JVM vendor, it seemed that with a newer JVM version we now needed 'write' permission for this call. So we needed to:

Step 3.a. Wrap the offending call in a Privileged Block

Wrap the setDefault call in a privileged block, e.g.

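  • // needs java.security.AccessController, java.security.PrivilegedAction and java.util.TimeZone
    AccessController.doPrivileged(
            new PrivilegedAction<Void>() {
                public Void run() {
                    // tz is the (final) TimeZone to install as the default
                    TimeZone.setDefault(tz);
                    return null;
                }
            });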

Step 3.b. Add permissions to the Policy File

Make sure the correct permissions are in the policy file. In this case we needed:

  • permission java.util.PropertyPermission "user.timezone", "write";
    };

AnalyzingSecurityManagerIssues (last edited 2013-11-08 05:10:12 by MyrnavanLunteren)