why in java.policy not add user.dir property?

Discussion in 'Java' started by junzhang1983@gmail.com, Jul 18, 2008.

  1. Guest

    below is an example of java.policy:

    // Standard extensions get all permissions by default

    grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
    };

    // default permissions granted to all domains

    grant {
    // Allows any thread to stop itself using the java.lang.Thread.stop()
    // method that takes no argument.
    // Note that this permission is granted by default only to remain
    // backwards compatible.
    // It is strongly recommended that you either remove this permission
    // from this policy file or further restrict it to code sources
    // that you specify, because Thread.stop() is potentially unsafe.
    // See "http://java.sun.com/notes" for more information.
    permission java.lang.RuntimePermission "stopThread";

    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";

    // "standard" properies that can be read by anyone

    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";

    permission java.util.PropertyPermission "java.specification.version",
    "read";
    permission java.util.PropertyPermission "java.specification.vendor",
    "read";
    permission java.util.PropertyPermission "java.specification.name",
    "read";

    permission java.util.PropertyPermission
    "java.vm.specification.version", "read";
    permission java.util.PropertyPermission
    "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name",
    "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
    };


    l wondered why not add permission java.util.PropertyPermission
    "user.dir", "read"; in java.policy,
    but when in my code :
    System.out.println("property user.dir
    is:"+System.getProperty("user.dir"));

    output is:
    property user.dir is:D:\work log\eclipse\Test

    why l have the read permission to "user.dir", l think it should throw
    SecurityException
    who can teach me why?
    , Jul 18, 2008
    #1
    1. Advertising

  2. Roedy Green Guest

    On Thu, 17 Jul 2008 19:57:57 -0700 (PDT),
    wrote, quoted or indirectly quoted someone who said :

    >permission java.util.PropertyPermission "java.version", "read";


    This is the list of permissions granted to everyone, even unsigned
    applets you stumble upon while browsing the web.

    This list normally excludes anything to do with writing the hard disk.
    You don't want to give pirates any slack.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Jul 19, 2008
    #2
    1. Advertising

  3. Roedy Green Guest

    On Thu, 17 Jul 2008 19:57:57 -0700 (PDT),
    wrote, quoted or indirectly quoted someone who said :

    >l wondered why not add permission java.util.PropertyPermission
    >"user.dir", "read"; in java.policy,
    >but when in my code :
    >System.out.println("property user.dir
    >is:"+System.getProperty("user.dir"));


    Applications naturally get that permission even without signing. They
    can read any System property.

    WHERE Java grants that permission, I don't know. I do know that
    applications have no problem reading System properties even if you do
    nothing at all to the policy file..

    See http://mindprod.com/applet/wassup.html
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Jul 19, 2008
    #3
  4. Arne Vajhøj Guest

    Roedy Green wrote:
    > On Thu, 17 Jul 2008 19:57:57 -0700 (PDT),
    > wrote, quoted or indirectly quoted someone who said :
    >> l wondered why not add permission java.util.PropertyPermission
    >> "user.dir", "read"; in java.policy,
    >> but when in my code :
    >> System.out.println("property user.dir
    >> is:"+System.getProperty("user.dir"));

    >
    > Applications naturally get that permission even without signing. They
    > can read any System property.
    >
    > WHERE Java grants that permission, I don't know. I do know that
    > applications have no problem reading System properties even if you do
    > nothing at all to the policy file..


    Not true.

    Write an application, set a security manager and try and
    call System.getProperty("user.dir") - then you will see:

    Exception in thread "main" java.security.AccessControlException: access
    denied (java.util.PropertyPermission user.dir read)

    Arne
    Arne Vajhøj, Jul 19, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UnVkeQ==?=

    Sub Dir, Virtual dir, what do I use?

    =?Utf-8?B?UnVkeQ==?=, Jun 12, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    422
    =?Utf-8?B?UnVkeQ==?=
    Jun 12, 2005
  2. Mr. SweatyFinger
    Replies:
    2
    Views:
    1,849
    Smokey Grindel
    Dec 2, 2006
  3. Matthew Denner
    Replies:
    1
    Views:
    181
  4. Kga Agk
    Replies:
    2
    Views:
    147
    Kga Agk
    Jun 29, 2009
  5. Nick Gnedin
    Replies:
    2
    Views:
    160
Loading...

Share This Page