Bug 29959 - -Djava.security.manager doesn't work at all
Summary: -Djava.security.manager doesn't work at all
Status: NEW
Alias: None
Product: classpath
Classification: Unclassified
Component: classpath (show other bugs)
Version: 0.93
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-23 20:05 UTC by Roman Kennke
Modified: 2006-11-25 15:37 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2006-11-25 06:25:45


Attachments
Testcase (140 bytes, text/x-java)
2006-11-23 20:07 UTC, Roman Kennke
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Roman Kennke 2006-11-23 20:05:43 UTC
According to

http://java.sun.com/docs/books/tutorial/security/tour2/step2.html

setting the system property -Djava.security.manager should install an applet-like restrictive SecurityManager. Run the attache program with the RI:

roman@moonlight:~/src/test$ /usr/lib/jvm/java-1.5.0-sun/bin/java -Djava.security.manager TestProps 
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:628)
        at TestProps.main(TestProps.java:6)

With Classpath and JamVM this simply spits out the java.home property.
Comment 1 Roman Kennke 2006-11-23 20:07:06 UTC
Created attachment 12674 [details]
Testcase
Comment 2 Jeroen Frijters 2006-11-24 22:37:24 UTC
This report makes no sense and the test case uses an GNU Classpath private class.
Comment 3 Casey Marshall 2006-11-24 22:50:24 UTC
I think GCJ/gij has support for this. I'm not sure if this is something we can do properly in Classpath code, or if it requires VM support.

Does the test case mistakenly use SystemProperties when it should use System?

What else about this bug report doesn't make sense? Defining 'java.security.manager' to an empty string is supposed to install a security manager (technically, I think it is the default security manager, which loads the system policy file, NOT an applet-like sandbox).
Comment 4 Roman Kennke 2006-11-24 23:00:50 UTC
Sorry, that testcase is wrong. This was supposed to use System.getProperty() instead.
Comment 5 Casey Marshall 2006-11-25 06:25:44 UTC
Also, the default Policy loaded by Classpath is useless (it allows everything), so even if defining -Djava.security.manager loads a default security manager, it won't have much of an effect.

(Confirming.)
Comment 6 Jeroen Frijters 2006-11-25 15:37:12 UTC
Casey is correct that the default Policy loaded is useless, but the -Djava.security.manager option works fine.

Try this:

public class TestProps
{
  public static void main(String[] args)
  {
    System.out.println(System.getSecurityManager());
    System.err.println(System.getProperty("java.home"));
  }
}

You'll see that the first line does print out a SecurityManager instance when you specify -Djava.security.manager.

So, please close this bug and open a bug on the incorrect policy.