RE: Windows Path Not Found for urandom

[Jeffrey Janner]

> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Sent: Wednesday, August 29, 2012 10:56 AM
> To: Tomcat Users List
> Subject: Re: Windows Path Not Found for urandom
> 
> 2012/8/29 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
> > The question is, is it something to be worried about?
> >
> >> -----Original Message-----
> >> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> >> Sent: Tuesday, August 28, 2012 10:21 AM
> >> To: Tomcat Users List ‎[users@tomcat.apache.org]‎
> >> Subject: Windows Path Not Found for urandom
> >>
> >>  apologize for the lack of details in advance, but I don't have the
> >> specifics yet.
> >>
> >> I have a customer that is using Tomcat (6.0.33?) on Windows and are
> >> monitoring the process with SysInternals Process Monitor.
> >> About every 5 seconds, they are seeing Tomcat.exe generate a "Path
> >> Not Found" error on a QueryOpen operation for the path
> D:\dev\urandom
> >> with a duration of around 0.00002.
> >> Since the path contains urandom, I assume it has something to do
> with
> >> the SSL routines.
> >> If they followed our standard install instructions, they should be
> >> using Tomcat 6.0.33 with the native/APR libraries that come with the
> >> installer.
> >>
> 
> 1. Can you stop top-posting?
> http://en.wikipedia.org/wiki/Posting_style#Choosing_the_proper_posting_
> style
[Jeff Janner] sorry, using that POS that Microsoft calls a email tool, and I 
sometimes forget.

> 2. " Confidentiality Notice"s are self-contradictory on a publicly
> archived mailing list.
[Jeff Janner] Hopefully, I've fixed the outbound filter that applies that 
automatically.

> 
> > The question is, is it something to be worried about?
> 
> 1. I'd be worried if there were something at that path.
> 
> Would randomness of something be compromised if there were a readable
> file there?
> 
> If there is nothing there and nothing can be created there, I think it
> is not much of an issue,  though an interesting one to investigate.
> 
> 2. If the file is opened by Java classes, you might try to run with a
> SecurityManager to find what tries to open it.
> 
> 3. You might try to create a file there (empty? small? unreadable?).
> Maybe something would start to fail (with EOFException or similar), or
> will hang waiting for data (and a threaddump will show what it is).
> 
> 
> Best regards,
> Konstantin Kolinko
> 

[Jeff Janner] 
Well, in trying to answer (1. & 3.) above, I actually created the file (empty). 
 Below is what I get in the catalina.log no matter whether I have an SSL 
connector or not, and whether the SSLEngine parameter of the 
APRLifecycleListener is on or off.  Notice that it tries to read it 3 times.  I 
don't see the errors if the file is missing.  It doesn’t seem to affect 
processing at all, except that I don't get anymore errors about it anywhere, 
even the process monitor tool, after startup.  It was interesting that on 
startup with the file, process monitor reported 3 read attempts, but without 
the file, it shows 6 PATH NOT FOUND errors.  And that's before any access of 
the app.  I'm not knowledgeable enough to know if it's affecting the SSL 
encryption, but I'm beginning to think it isn't.  I didn't notice is issues, 
hangs or slowness, but it might actually affect things if the file had enough 
data to meet the minimum byte requirements for SSL's entropy requirements.

The interesting thing was, I'm not seeing the issue here with the same 
frequency that the customer is.  In testing, with the file missing, besides the 
initial 6 PNFs, I could only get them to generate when I tried to login.  On 
connection, we throw up a regular jsp with a form for login credentials (not a 
Tomcat controlled auth form - don't ask me why or get me started, the decision 
was made way back at Tomcat 4.x). If I pass login, it generates 1 PNF, if I 
fail, it generates 2.  So I'm thinking it's definitely something in our code, 
and my customer must have something trying to login every 5 seconds.

Still, there are two good academic questions about why Tomcat tries to read it 
3 times on startup, and what happens to SSL if the file exists (though I'm not 
sure the SSL code is trying to read it under Windows, since I didn't see any 
evidence during testing).

012-08-29 11:52:29 Commons Daemon procrun stderr initialized
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], 
random [true].
Aug 29, 2012 11:52:29 AM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:52:29 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:52:29 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 415 ms
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 29, 2012 11:52:29 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.33
Aug 29, 2012 11:52:29 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Aug 29, 2012 11:52:29 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
        at java.io.DataInputStream.readFully(DataInputStream.java:180)
        at java.io.DataInputStream.readLong(DataInputStream.java:399)
        at 
org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
        at 
org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
        at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
        at 
org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
        at 
org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
        at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
        at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
        at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
        at 
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:675)
        at 
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:601)
        at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
        at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
        at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
        at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:525)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:30 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml
Aug 29, 2012 11:52:30 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
        at java.io.DataInputStream.readFully(DataInputStream.java:180)
        at java.io.DataInputStream.readLong(DataInputStream.java:399)
        at 
org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
        at 
org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
        at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
        at 
org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
        at 
org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
        at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
        at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
        at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
        at 
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:675)
        at 
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:601)
        at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
        at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
        at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
        at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:525)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Aug 29, 2012 11:52:31 AM org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Error reading /dev/urandom
java.io.EOFException
        at java.io.DataInputStream.readFully(DataInputStream.java:180)
        at java.io.DataInputStream.readLong(DataInputStream.java:399)
        at 
org.apache.catalina.session.ManagerBase.setRandomFile(ManagerBase.java:548)
        at 
org.apache.catalina.session.ManagerBase.getRandomBytes(ManagerBase.java:993)
        at org.apache.catalina.session.ManagerBase.init(ManagerBase.java:767)
        at 
org.apache.catalina.session.StandardManager.start(StandardManager.java:630)
        at 
org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:446)
        at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4631)
        at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
        at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
        at 
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1079)
        at 
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1002)
        at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:506)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
        at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
        at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
        at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:525)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 29, 2012 11:52:31 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:52:31 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:52:31 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1594 ms
Aug 29, 2012 11:58:46 AM org.apache.coyote.http11.Http11AprProtocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:58:46 AM org.apache.coyote.ajp.AjpAprProtocol pause
INFO: Pausing Coyote AJP/1.3 on ajp-8009
Aug 29, 2012 11:58:47 AM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Aug 29, 2012 11:58:48 AM org.apache.coyote.http11.Http11AprProtocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Aug 29, 2012 11:58:48 AM org.apache.coyote.ajp.AjpAprProtocol destroy
INFO: Stopping Coyote AJP/1.3 on ajp-8009