[ 
https://issues.apache.org/jira/browse/SSHD-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14055224#comment-14055224
 ] 

Gaël Lalire commented on SSHD-332:
----------------------------------

My version is newer

java version "1.8.0_05"
Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)

I found the commit which avoids all permissions for NIO2 handler (6 months ago) 
in openjdk
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c4baa68f4e3a

I think it is a JVM bug to use it for NIO2 handler.

> Nio2 & security
> ---------------
>
>                 Key: SSHD-332
>                 URL: https://issues.apache.org/jira/browse/SSHD-332
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>         Environment: Oracle Java 8
>            Reporter: Gaël Lalire
>         Attachments: securesshd-0.0.1-SNAPSHOT-jar-with-dependencies.jar, 
> securesshd.zip
>
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> I don't know if it is a JVM bug or normal behavior but a ProtectionDomain 
> with no permission is associated with completionHandler thread by 
> sun.misc.InnocuousThread class.
> As a result if a security manager is set all code in completionHandler has no 
> permission (even if policy grants all permission).
> If the behavior of JVM is correct then you should add 
> AccessController.doPrivileged() when entering completionHandler.
> You can also check if a SecurityManager is set and run without Nio2 as a 
> quick fix.
>  



--
This message was sent by Atlassian JIRA
(v6.2#6252)
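
One way to apply the AccessController.doPrivileged() suggestion from the issue description, as an added example that is not MINA SSHD code and not part of the thread. `PrivilegedCompletionHandler` is a hypothetical name, and capturing the creator's AccessControlContext is an assumption of this example, not something the issue specifies; it uses the Java 8 security API discussed above.

```java
import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousFileChannel;
import java.nio.channels.CompletionHandler;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.CountDownLatch;

// Hypothetical wrapper (not MINA SSHD code): runs the delegate's callbacks in doPrivileged().
public final class PrivilegedCompletionHandler<V, A> implements CompletionHandler<V, A> {
    private final CompletionHandler<V, A> delegate;
    // Captured on the registering thread, so callbacks gain nothing their creator lacked.
    private final AccessControlContext creatorContext = AccessController.getContext();

    public PrivilegedCompletionHandler(CompletionHandler<V, A> delegate) { this.delegate = delegate; }

    // Stack inspection ends here and continues into creatorContext, not the thread's own context.
    private void privileged(Runnable callback) {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            callback.run();
            return null;
        }, creatorContext);
    }

    @Override
    public void completed(V result, A attachment) { privileged(() -> delegate.completed(result, attachment)); }
    @Override
    public void failed(Throwable exc, A attachment) { privileged(() -> delegate.failed(exc, attachment)); }

    // Usage on a constructed temp file; the callback makes a permission-checked call.
    public static void main(String[] args) throws Exception {
        Path tmp = Files.write(Files.createTempFile("nio2-demo", ".txt"), "constructed".getBytes());
        CountDownLatch done = new CountDownLatch(1);
        CompletionHandler<Integer, Void> app = new CompletionHandler<Integer, Void>() {
            public void completed(Integer n, Void a) {
                System.out.println("read=" + n + " user.home=" + System.getProperty("user.home"));
                done.countDown();
            }
            public void failed(Throwable t, Void a) { t.printStackTrace(); done.countDown(); }
        };
        try (AsynchronousFileChannel ch = AsynchronousFileChannel.open(tmp)) {
            ch.read(ByteBuffer.allocate(64), 0, null, new PrivilegedCompletionHandler<Integer, Void>(app));
            done.await();
        }
        Files.delete(tmp);
    }
}
```

Construct the wrapper on an application thread or inside an already wrapped callback, since a context captured on the completion thread itself would still carry the no-permission domain.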