[
https://issues.apache.org/jira/browse/SSHD-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14047647#comment-14047647
]
Gaël Lalire commented on SSHD-332:
----------------------------------
I found a way to run sshd in secure env by using mina even in java 7 & 8 :
sshd.setIoServiceFactoryFactory(new MinaServiceFactoryFactory());
However it can be interesting to know if Nio2 is misused or misimplemented.
I attached a jar and its sources so you can reproduce the issue with below
commands :
java -jar securesshd-0.0.1-SNAPSHOT-jar-with-dependencies.jar
ssh -p 1111 127.0.0.1
An exception should occurs on java side if Nio2 is available.
Exception occurs at least with Oracle JDK8 on Mac OS X and OpenJDK7 on fedora.
> Nio2 & security
> ---------------
>
> Key: SSHD-332
> URL: https://issues.apache.org/jira/browse/SSHD-332
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.11.0
> Environment: Oracle Java 8
> Reporter: Gaël Lalire
> Attachments: securesshd-0.0.1-SNAPSHOT-jar-with-dependencies.jar,
> securesshd.zip
>
> Original Estimate: 96h
> Remaining Estimate: 96h
>
> I don't know if it is a JVM bug or normal behavior but a ProtectionDomain
> with no permission is associated with completionHandler thread by
> sun.misc.InnocuousThread class.
> As a result if a security manager is set all code in completionHandler has no
> permission (event if policy grants all permission).
> If the behavior of JVM is correct then you should add
> AccessController.doPrivileged() when entering completionHandler.
> You can also check if a SecurityManager is set and run without Nio2 as a
> quick fix.
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
