Hi, Thanks Alan for the clarification and the documentation fixes! This does not solve the "returns null if not found or otherwise denied" issue, but this is a problem from the early Java days, which cannot be fixed anymore (to throw useful Exception if resource not found).
To fix our own code (we also have some getResource[AsStream]() calls in Lucene's codebase without doPrivileged), I opened the following issue: https://issues.apache.org/jira/browse/LUCENE-7502 We cannot fix this in 3rd party JARs, so we cannot remove our extra permission. Nevertheless, the "original" issue with the symlinked home directory should be solved separately. I made a proposal to Max (Weijun Wang) how to fix this while reading the policy file. We fixed the problem locally by fixing the Jenkins User account running the tests to not have a symlinked user.home dir anymore. Uwe ----- Uwe Schindler [email protected] ASF Member, Apache Lucene PMC / Committer Bremen, Germany http://lucene.apache.org/ > -----Original Message----- > From: Alan Bateman [mailto:[email protected]] > Sent: Tuesday, October 18, 2016 12:40 PM > To: Uwe Schindler <[email protected]>; [email protected]; > 'Wang Weijun' <[email protected]> > Cc: 'Dalibor Topic' <[email protected]>; 'Balchandra Vaidya' > <[email protected]>; 'Muneer Kolarkunnu' > <[email protected]>; 'Rory O'Donnell' > <[email protected]>; Mandy Chung <[email protected]> > Subject: Re: [JENKINS-EA] Lucene-Solr-master-Linux (32bit/jdk-9-ea+140) - > Build # 18064 - Unstable! > > > > On 18/10/2016 10:25, Uwe Schindler wrote: > > : > > From my perspective this looks wrong, because there is no security > implications documented on Class#getResource, so it is completely unclear > that you actually need a doPrivileged when calling > Class#getResource[AsStream](). This is a separate issue and has nothing to > do with your changes. It was and still is broken, IMHO. > > > Just to say that Class#getResources has always done a permission check > but the spec didn't properly document this. We have improved the spec in > the jigsaw/jake forest (as part of the effort to specify how resources > in modules are located) and this includes specifying the longstanding > permission check [1]. I can't say yet when this will be in JSR because > the changes in this area are tied to a number of issues under discussion > in JSR 376. > > -Alan > > [1] > http://download.java.net/java/jigsaw/docs/api/java/lang/Class.html#getRes > ource-java.lang.String- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
