java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")

QOS.ch JIRA | Christian Brensing | 4 years ago
  1. 0

    If Java-Security is enabled and the log message that triggers the file rolling (e.g. because the file size limit has been reached) has been written by code from an untrusted domain, an {{AccessControlException}} is thrown if the callers domain does not have the necessary privileges to rollover the logfile (read, write). That's because *every* domain in the call stack must have the required privileges. Example: * Security is enabled. * A log message is written (or an {{ILoggingEvent}} is fired) by unstrusted code. * *This* (!) event causes the file rollover. * {{SecurityException}} is thrown, because the logger call is in the rollover call stack. {code:title=Excerpt from StatusPrinter} ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FOO] - Appender [FOO] failed to append. java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read") at java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read") at at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60) at at java.security.AccessController.doPrivileged(Native Method) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186) at at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at at java.io.File.length(File.java:910) at at ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy.isTriggeringEvent(SizeBasedTriggeringPolicy.java:59) at at ch.qos.logback.core.rolling.RollingFileAppender.subAppend(RollingFileAppender.java:170) at at ch.qos.logback.core.OutputStreamAppender.append(OutputStreamAppender.java:103) at at ch.qos.logback.core.UnsynchronizedAppenderBase.doAppend(UnsynchronizedAppenderBase.java:88) at at ch.qos.logback.core.spi.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:48) at at ch.qos.logback.classic.Logger.appendLoopOnAppenders(Logger.java:272) at at ch.qos.logback.classic.Logger.callAppenders(Logger.java:259) at at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:441) at at ch.qos.logback.classic.Logger.filterAndLog_1(Logger.java:413) at at ch.qos.logback.classic.Logger.info(Logger.java:603) at at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at at java.lang.reflect.Method.invoke(Method.java:601) at at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:425) at at org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:292) ... {code} (i) In this example the untrusted code domain is {{JRuby}}, which has evaluated a script that wrote a log message. This issue can be solved by marking the rollover call from within the LOGBack domain as _privileged_ using {{AccessController.doPrivileged()}}. As the rollover is actually triggered in {{RollingFileAppender#subAppend(E event)}} this should be straightforward. Instead of {code:lang=java} if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) { rollover(); } {code} we could use {code:lang=java} AccessController.doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() { if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) { rollover(); } return null; } }); {code} to mark both the file read access in {{triggeringPolicy.isTriggeringEvent()}} as well as the write access in {{rollover()}} as _privileged_. (/) I will provide a simple pull request to fix this issue.

    QOS.ch JIRA | 4 years ago | Christian Brensing
    java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")
  2. 0

    If Java-Security is enabled and the log message that triggers the file rolling (e.g. because the file size limit has been reached) has been written by code from an untrusted domain, an {{AccessControlException}} is thrown if the callers domain does not have the necessary privileges to rollover the logfile (read, write). That's because *every* domain in the call stack must have the required privileges. Example: * Security is enabled. * A log message is written (or an {{ILoggingEvent}} is fired) by unstrusted code. * *This* (!) event causes the file rollover. * {{SecurityException}} is thrown, because the logger call is in the rollover call stack. {code:title=Excerpt from StatusPrinter} ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FOO] - Appender [FOO] failed to append. java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read") at java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read") at at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60) at at java.security.AccessController.doPrivileged(Native Method) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88) at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186) at at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at at java.io.File.length(File.java:910) at at ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy.isTriggeringEvent(SizeBasedTriggeringPolicy.java:59) at at ch.qos.logback.core.rolling.RollingFileAppender.subAppend(RollingFileAppender.java:170) at at ch.qos.logback.core.OutputStreamAppender.append(OutputStreamAppender.java:103) at at ch.qos.logback.core.UnsynchronizedAppenderBase.doAppend(UnsynchronizedAppenderBase.java:88) at at ch.qos.logback.core.spi.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:48) at at ch.qos.logback.classic.Logger.appendLoopOnAppenders(Logger.java:272) at at ch.qos.logback.classic.Logger.callAppenders(Logger.java:259) at at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:441) at at ch.qos.logback.classic.Logger.filterAndLog_1(Logger.java:413) at at ch.qos.logback.classic.Logger.info(Logger.java:603) at at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at at java.lang.reflect.Method.invoke(Method.java:601) at at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:425) at at org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:292) ... {code} (i) In this example the untrusted code domain is {{JRuby}}, which has evaluated a script that wrote a log message. This issue can be solved by marking the rollover call from within the LOGBack domain as _privileged_ using {{AccessController.doPrivileged()}}. As the rollover is actually triggered in {{RollingFileAppender#subAppend(E event)}} this should be straightforward. Instead of {code:lang=java} if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) { rollover(); } {code} we could use {code:lang=java} AccessController.doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() { if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) { rollover(); } return null; } }); {code} to mark both the file read access in {{triggeringPolicy.isTriggeringEvent()}} as well as the write access in {{rollover()}} as _privileged_. (/) I will provide a simple pull request to fix this issue.

    QOS.ch JIRA | 4 years ago | Christian Brensing
    java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")
  3. 0

    'Dummy' Pool Error and Documentreposit...

    jvoicexml | 5 years ago | dubstepboy
    java.security.AccessControlException: access denied ("java.util.PropertyPermission" "jvoicexml.vxml.version" "read")
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    signed applet gives AccessControlException: access denied, when calling from javascript

    Stack Overflow | 7 years ago | corgrath
    java.security.AccessControlException: access denied (java.io.FilePermission &lt;&lt;ALL FILES&gt;&gt; execute)
  6. 0

    Using external libraries over signed Java applet: InvocationTargetException when running locally with 7u51

    Stack Overflow | 3 years ago | user3437376
    java.security.AccessControlException: access denied

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.security.AccessControlException

      access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")

      at java.security.AccessControlContext.checkPermission()
    2. Java RT
      AccessControlContext.checkPermission
      1. java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
      1 frame
    3. Eclipse OSGi
      EquinoxSecurityManager$CheckPermissionAction.run
      1. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
      2. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
      2 frames
    4. Java RT
      AccessController.doPrivileged
      1. java.security.AccessController.doPrivileged(Native Method)
      1 frame
    5. Eclipse OSGi
      EquinoxSecurityManager.checkPermission
      1. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
      2. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
      2 frames
    6. Java RT
      File.length
      1. java.lang.SecurityManager.checkRead(SecurityManager.java:888)
      2. java.io.File.length(File.java:910)
      2 frames
    7. Logback Core Module
      AppenderAttachableImpl.appendLoopOnAppenders
      1. ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy.isTriggeringEvent(SizeBasedTriggeringPolicy.java:59)
      2. ch.qos.logback.core.rolling.RollingFileAppender.subAppend(RollingFileAppender.java:170)
      3. ch.qos.logback.core.OutputStreamAppender.append(OutputStreamAppender.java:103)
      4. ch.qos.logback.core.UnsynchronizedAppenderBase.doAppend(UnsynchronizedAppenderBase.java:88)
      5. ch.qos.logback.core.spi.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:48)
      5 frames
    8. Logback Classic Module
      Logger.info
      1. ch.qos.logback.classic.Logger.appendLoopOnAppenders(Logger.java:272)
      2. ch.qos.logback.classic.Logger.callAppenders(Logger.java:259)
      3. ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:441)
      4. ch.qos.logback.classic.Logger.filterAndLog_1(Logger.java:413)
      5. ch.qos.logback.classic.Logger.info(Logger.java:603)
      5 frames
    9. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      4. java.lang.reflect.Method.invoke(Method.java:601)
      4 frames
    10. JRuby Main Maven Artifact
      JavaMethod.invokeDirect
      1. org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:425)
      2. org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:292)
      2 frames