Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#16204 closed enhancement (fixed)

Sandbox mode

Reported by: Don-vip Owned by: team
Priority: normal Milestone: 18.04
Component: Core Webstart Version:
Keywords: icedtea web security Cc:

Description

Thanks to our best friends at Oracle (joke: see #16047, this) and Red Hat (for real, see here), I'm playing with IcedTea-Web on Windows.

It works perfectly with full permissions, but IcedTea-Web allows users to launch a WebStart application in "sandbox" mode (a lot of things are denied) or in custom mode (user can choose what is allowed by the security manager, and what is not).

Currently JOSM crashes during startup in sandbox mode:

The 'Permissions' attribute of this application is 'all-permissions'. You have chosen the Sandbox run option, which overrides the Permissions manifest attribute, or the applet has already been automatically sandboxed.
java.lang.ExceptionInInitializerError
        at org.openstreetmap.josm.tools.ListenerList.create(ListenerList.java:242)
        at org.openstreetmap.josm.data.Preferences.<init>(Preferences.java:112)
        at org.openstreetmap.josm.Main.<clinit>(Main.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:571)
        at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:940)
Caused by: java.security.AccessControlException: access denied ("java.util.logging.LoggingPermission" "control")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:291)
        at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
        at java.util.logging.Handler.checkPermission(Handler.java:310)
        at java.util.logging.Handler.setLevel(Handler.java:265)
        at org.openstreetmap.josm.tools.Logging$RememberWarningHandler.<init>(Logging.java:407)
        at org.openstreetmap.josm.tools.Logging.<clinit>(Logging.java:51)
        ... 9 more

Exception in thread "JOSM (development version)" java.lang.RuntimeException: java.lang.ExceptionInInitializerError
        at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:963)
Caused by: java.lang.ExceptionInInitializerError
        at org.openstreetmap.josm.tools.ListenerList.create(ListenerList.java:242)
        at org.openstreetmap.josm.data.Preferences.<init>(Preferences.java:112)
        at org.openstreetmap.josm.Main.<clinit>(Main.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:571)
        at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:940)
Caused by: java.security.AccessControlException: access denied ("java.util.logging.LoggingPermission" "control")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:291)
        at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
        at java.util.logging.Handler.checkPermission(Handler.java:310)
        at java.util.logging.Handler.setLevel(Handler.java:265)
        at org.openstreetmap.josm.tools.Logging$RememberWarningHandler.<init>(Logging.java:407)
        at org.openstreetmap.josm.tools.Logging.<clinit>(Logging.java:51)
        ... 9 more

So I'm curious to see what we can actually do in this mode by adding some robustness.

Attachments (1)

security_warning.png (11.3 KB ) - added by Klumbumbus 6 years ago.

Download all attachments as: .zip

Change History (18)

comment:1 by Don-vip, 6 years ago

In 13647/josm:

see #16204 - Allow to start and close JOSM in WebStart sandbox mode (where every external access is denied). This was very useful to reproduce some very tricky bugs that occured in real life but were almost impossible to diagnose.

comment:2 by Don-vip, 6 years ago

In 13648/josm:

see #16204 - allow to load embedded images by disabling ImageIO cache in case of SecurityException

comment:3 by Don-vip, 6 years ago

Resolution: fixed
Status: newclosed

In 13649/josm:

fix #16204 - allow to create a new layer, draw, drag, open a few windows. Nothing more to hope in sandbox mode. At least JOSM is now more robust than ever.

comment:4 by Don-vip, 6 years ago

In 13650/josm:

see #16204 - fix unit test, checkstyle

comment:5 by Klumbumbus, 6 years ago

I think this is related to this ticket.

I now get an Java (JOSM is set to english, but the warning is in german) security warning when selecting a way with an wikidata item e.g. osmwww:way/389125372 (wikipedia plugin must be installed).

Meanwhile in the console:

2018-04-20 18:50:08.862 SEVERE: Unable to get system property: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read")
2018-04-20 18:50:08.863 SEVERE: Unable to get system env: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.ProgramFiles(x86)")
2018-04-20 18:50:08.863 SEVERE: Unable to get system property: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")
2018-04-20 18:50:20.114 INFO: GET https://www.wikidata.org/w/api.php?action=wbgetentities&props=labels|descriptions&ids=Q802856&format=xml (Wikipedia) -> 200 (309 B)

The decision is remembered until JOSM restart.

I never saw such a warning before and this warning might irritate the users, especially as there are no further deeper information.


URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2018-04-19 23:04:48 +0200 (Thu, 19 Apr 2018)
Build-Date:2018-04-20 01:31:54
Revision:13650
Relative:URL: ^/trunk

Identification: JOSM/1.5 (13650 en) Windows 10 64-Bit
OS Build number: Windows 10 Pro 1709 (16299)
Memory Usage: 1691 MB / 3641 MB (1442 MB allocated, but free)
Java version: 1.8.0_171-b11, Oracle Corporation, Java HotSpot(TM) 64-Bit Server VM
Screen: \Display0 1680x1050
Maximum Screen Size: 1680x1050
VM arguments: [-Djava.security.manager, -Djava.security.policy=file:<java.home>\lib\security\javaws.policy, -DtrustProxy=true, -Djnlpx.home=<java.home>\bin, -Djnlpx.origFilenameArg=C:\Program Files (x86)\josm-latest-mehr-RAM.jnlp, -Djnlpx.remove=false, -Djava.util.Arrays.useLegacyMergeSort=true, -Djnlpx.heapsize=1024m,4096m, -Djnlpx.splashport=60885, -Djnlpx.jvm=<java.home>\bin\javaw.exe]
Dataset consistency test: No problems found

Plugins:
+ DirectUpload (34109)
+ HouseNumberTaggingTool (34109)
+ Mapillary (v1.5.10)
+ OpeningHoursEditor (34095)
+ apache-commons (34109)
+ apache-http (34109)
+ buildings_tools (34109)
+ editgpx (34109)
+ ejml (34126)
+ geotools (34125)
+ imagery-xml-bounds (34109)
+ imagery_offset_db (34109)
+ jogl (1.1.0)
+ jts (34038)
+ log4j (34038)
+ measurement (34109)
+ reltoolbox (34130)
+ reverter (34109)
+ tag2link (34109)
+ tageditor (34109)
+ tagging-preset-tester (34109)
+ terracer (34109)
+ turnlanes-tagging (263)
+ turnrestrictions (34129)
+ undelete (34109)
+ utilsplugin2 (34109)
+ wikipedia (34149)

by Klumbumbus, 6 years ago

Attachment: security_warning.png added

comment:6 by Don-vip, 6 years ago

Can you please give me the English translation of the security warning?

comment:7 by Klumbumbus, 6 years ago

Security warning

Application has requested a permission for the connection establishment to www.wikidata.org. Do you want to allow this action?

Name: JOSM (development version)

Directory: https://josm.openstreetmap.de

OK Cancel

comment:8 by Don-vip, 6 years ago

And it doesn't happen with josm-tested.jnlp?

comment:9 by Don-vip, 6 years ago

You can try the following:

.\javaws.exe https://josm.openstreetmap.de/download/josm-13646.jnlp

It launches the last snapshot before these commits.
We can see the following in console:

2018-04-20 20:42:45.780 AVERTISSEMENT: Could not fetch Wikidata label for Q802856
2018-04-20 20:42:45.780 AVERTISSEMENT: java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read"). Cause : java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read"). Cause : java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read")
java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read")
...
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "os.name" "read")
...
	at java.lang.System.getProperty(Unknown Source)
	at org.openstreetmap.josm.tools.PlatformHookWindows.getOSDescription(PlatformHookWindows.java:272)
	at org.openstreetmap.josm.data.Version.getAgentString(Version.java:189)
	at org.openstreetmap.josm.data.Version.getAgentString(Version.java:169)
	at org.openstreetmap.josm.data.Version.getFullAgentString(Version.java:200)
	at org.openstreetmap.josm.tools.HttpClient.connect(HttpClient.java:104)
	at org.openstreetmap.josm.tools.HttpClient.connect(HttpClient.java:87)
	at org.wikipedia.WikipediaApp.connect(WikipediaApp.java:88)
	at org.wikipedia.WikipediaApp.getLabelForWikidata(WikipediaApp.java:419)
	... 8 more

The plugin was already failing to access Wikidata because of the first security issues.

r13647 made JOSM more robust to these issues and now Wikipedia plugin really tries to connect to Wikidata and displays a new security issue.

I need to find out why these security issues are triggered.

Last edited 6 years ago by Don-vip (previous) (diff)

comment:10 by Don-vip, 6 years ago

Found it. It's the same issue that ticket:15722#comment:7:

if a SecurityManager is present, then the ForkJoinPool common pool uses a factory supplying threads that have no Permissions enabled.

The Wikipedia plugin does the following:

        ids.forEach(id ->
                labelCache.computeIfAbsent(id, x ->
                        CompletableFuture.supplyAsync(() -> WikipediaApp.getLabelForWikidata(x, Locale.getDefault())))
        );

And the javadoc of CompletableFuture.supplyAsync states:

Returns a new CompletableFuture that is asynchronously completed by a task running in the ForkJoinPool#commonPool()

in reply to:  9 comment:11 by Klumbumbus, 6 years ago

Replying to Don-vip:

The plugin was already failing to access Wikidata because of the first security issues.

Ah yes same for me and same console print as you posted with josm-tested.jnlp and wikipedia version 34109.

comment:12 by Don-vip, 6 years ago

Should be fixed in [o34159] + [o34160] can you please check in a few minutes?

comment:13 by Klumbumbus, 6 years ago

It works like a charm again :)

2018-04-20 21:40:53.377 INFORMATION: GET https://www.wikidata.org/w/api.php?action=wbgetentities&props=labels|descriptions&ids=Q802856&format=xml (Wikipedia) -> 200 (309 B)

comment:14 by Don-vip, 6 years ago

Ticket #15744 has been marked as a duplicate of this ticket.

comment:15 by Don-vip, 6 years ago

In 13656/josm:

see #16204 - make the missing icon detector script happy

comment:16 by stoecker, 6 years ago

You only need to add /* ICON */ beforce the texts, not change the code. The code supports exceptions. ☺️

comment:17 by Don-vip, 6 years ago

In 13658/josm:

see #16204 - make the missing icon detector script happy (for real)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.