mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gaël Lalire (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SSHD-332) Nio2 & security
Date Mon, 30 Jun 2014 13:22:24 GMT

    [ https://issues.apache.org/jira/browse/SSHD-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14047647#comment-14047647

Gaël Lalire commented on SSHD-332:

I found a way to run sshd in secure env by using mina even in java 7 & 8 :
sshd.setIoServiceFactoryFactory(new MinaServiceFactoryFactory());

However it can be interesting to know if Nio2 is misused or misimplemented.
I attached a jar and its sources so you can reproduce the issue with below commands :
java -jar securesshd-0.0.1-SNAPSHOT-jar-with-dependencies.jar
ssh -p 1111

An exception should occurs on java side if Nio2 is available.
Exception occurs at least with Oracle JDK8 on Mac OS X and OpenJDK7 on fedora.

> Nio2 & security
> ---------------
>                 Key: SSHD-332
>                 URL: https://issues.apache.org/jira/browse/SSHD-332
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>         Environment: Oracle Java 8
>            Reporter: Gaël Lalire
>         Attachments: securesshd-0.0.1-SNAPSHOT-jar-with-dependencies.jar, securesshd.zip
>   Original Estimate: 96h
>  Remaining Estimate: 96h
> I don't know if it is a JVM bug or normal behavior but a ProtectionDomain with no permission
is associated with completionHandler thread by sun.misc.InnocuousThread class.
> As a result if a security manager is set all code in completionHandler has no permission
(event if policy grants all permission).
> If the behavior of JVM is correct then you should add AccessController.doPrivileged()
when entering completionHandler.
> You can also check if a SecurityManager is set and run without Nio2 as a quick fix.

This message was sent by Atlassian JIRA

View raw message