[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13914731#comment-13914731 ] Rick Hillegas commented on LUCENE-5471: --- Thanks for the help and the discussion so far, Hoss and Uwe. Attaching a second rev of the SecureLucene test program. This version pares back the permissions in order to expose the minimal attack surface which I can configure by myself. Here are the minimal permissions which the test program grants in order to run successfully under a Java Security Manager: {noformat} // permissions granted to Lucene grant codeBase file:/Users/rh161140/derby/derby-590/trunk/tools/java/lucene-core-4.5.0.jar { // permissions for file access, write access only to sandbox: permission java.io.FilePermission ALL FILES, read; permission java.io.FilePermission /Users/rh161140/derby/derby-590/luceneTest, read,write,delete; permission java.io.FilePermission /Users/rh161140/derby/derby-590/luceneTest/-, read,write,delete; // Basic permissions needed for Lucene to work: permission java.util.PropertyPermission user.dir, read; permission java.util.PropertyPermission sun.arch.data.model, read; permission java.lang.reflect.ReflectPermission *; permission java.lang.RuntimePermission *; }; // permissions granted to the application grant codeBase file:/Users/rh161140/src/ { // permissions for file access, write access only to sandbox: permission java.io.FilePermission ALL FILES, read; permission java.io.FilePermission /Users/rh161140/derby/derby-590/luceneTest, read,write; permission java.io.FilePermission /Users/rh161140/derby/derby-590/luceneTest/-, read,write,delete; // Basic permissions needed for Lucene to work: permission java.util.PropertyPermission user.dir, read; permission java.util.PropertyPermission sun.arch.data.model, read; }; {noformat} I have some follow on comments and questions: 1) Is it really necessary to grant Lucene every RuntimePermission and the privilege to read every file in the file system? Maybe these grants can be tightened. 2) I don't understand why the calling, application code needs to be granted any permissions. Maybe some more privilege blocks could be added to the Lucene code? In particular, it seems a shame that the application has to be granted the privilege to read every file in the file system. 3) Most of the application permissions are self-revealing. That is, if I omit one of them, then I get an exception telling me that the permission needs to be granted. However, that is not the case for the first permission granted to the application... permission java.io.FilePermission ALL FILES, read; ...Without that permission, I get the original puzzling exception: Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec..., which doesn't really tell me what the problem is. Maybe the wording of that exception could be improved so that the user can be told that one of its root causes is a failure to grant the application and Lucene read access to every file in the file system. Thanks, -Rick Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: []
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912019#comment-13912019 ] Robert Muir commented on LUCENE-5471: - I think its a bug in your securitymanager config (e.g. you are missing reflectpermission or something really necessary). We use lucene in a securitymanager when running tests, see config here: http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/tools/junit4/tests.policy Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912047#comment-13912047 ] Rick Hillegas commented on LUCENE-5471: --- Thanks, Robert. After adding all of those permissions to my policy file, the test runs cleanly. Thanks. Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912054#comment-13912054 ] Hoss Man commented on LUCENE-5471: -- bq. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I suspect this is because of when/how SPI is used - if the codec is resolved before you load the security manager, then that info is still available in NamedSPILoader. if you did a NamedSPILoader.reload() on your classloader after activating the SecurityManager, you'd probably see the same problem no matter what. bq. I think its a bug in your securitymanager config (e.g. you are missing reflectpermission or something really necessary). yeah ... w/o showing us what security manager you are using, it's hard to guess what the specific problem might be. that said: it's strange that you got an IllegalArgumentException from NamedSPILoader instead of a SecurityException ... i can't think of any (legitimate) reason why that should have happened, unless we're swallowing RuntimeExceptions in the SPI Loader code? Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912070#comment-13912070 ] Uwe Schindler commented on LUCENE-5471: --- Hoss: We don't swallow the SecurityException. I think, with a SecurityManager enabled and some missing persmissions, stuff like ClassLoader#getResources() simply don't work and return an empty enumeration. So it does not find any resources from classloader, because code has no permissions to see the code. This is defined in the spec - see [http://docs.oracle.com/javase/7/docs/api/java/lang/ClassLoader.html#getResources(java.lang.String)]: An enumeration of URL objects for the resource. If no resources could be found, the enumeration will be empty. Resources that the class loader doesn't have access to will not be in the enumeration. So there is nothing we can do against that. Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912083#comment-13912083 ] Hoss Man commented on LUCENE-5471: -- bq. null if the resource could not be found or the invoker doesn't have adequate privileges to get the resource. Grr... yeah, i forgot about that ... lack of permissions for accessing thing frequently looks the same as if thing doesn't exist. We could, conceivably, ask the SecurityManager if we have the permissions we know we are going to need to do the things we want to do though, correct? and then if we get a SecurityException, wrap it in another SecurityException with details about why lucnee can't work w/o that permision? (I'm not saying i'm convinced we should -- just wondering if other people think it would be helpful) Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13912089#comment-13912089 ] Uwe Schindler commented on LUCENE-5471: --- I thought about that, too. Question is: What privilege is needed to do this? The problem is: depending on the ClassLoader we may see some stuff, others not. Has to do with the crazy codebase attribute in the policy file. You may only see some specific JAR files or only some java packages. So mostly impossible to get the real reason, without the code down in the ClassLoader hierarchy throwing a SecurityEx. I think we should keep it as it is. Maybe document it, that you need permissions to see the JAR files and resources in it. Classloader issues when running Lucene under a java SecurityManager --- Key: LUCENE-5471 URL: https://issues.apache.org/jira/browse/LUCENE-5471 Project: Lucene - Core Issue Type: Bug Affects Versions: 4.5 Reporter: Rick Hillegas Attachments: SecureLucene.java I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem: Exception in thread main java.lang.ExceptionInInitializerError at org.apache.lucene.index.LiveIndexWriterConfig.init(LiveIndexWriterConfig.java:122) at org.apache.lucene.index.IndexWriterConfig.init(IndexWriterConfig.java:165) at SecureLucene$1.run(SecureLucene.java:129) at SecureLucene$1.run(SecureLucene.java:122) at java.security.AccessController.doPrivileged(Native Method) at SecureLucene.getIndexWriter(SecureLucene.java:120) at SecureLucene.runTest(SecureLucene.java:72) at SecureLucene.main(SecureLucene.java:52) Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: [] at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109) at org.apache.lucene.codecs.Codec.forName(Codec.java:95) at org.apache.lucene.codecs.Codec.clinit(Codec.java:122) ... 8 more -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org