java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")

QOS.ch JIRA | Christian Brensing | 4 years ago
  1. 0

    If Java-Security is enabled and the log message that triggers the file rolling (e.g. because the file size limit has been reached) has been written by code from an untrusted domain, an {{AccessControlException}} is thrown if the caller's domain does not have the necessary privileges to roll over the logfile (read, write). That's because *every* domain in the call stack must have the required privileges.

    Example:
    * Security is enabled.
    * A log message is written (or an {{ILoggingEvent}} is fired) by untrusted code.
    * *This* (!) event causes the file rollover.
    * {{SecurityException}} is thrown, because the logger call is in the rollover call stack.

    {code:title=Excerpt from StatusPrinter}
    ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FOO] - Appender [FOO] failed to append. java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")
    at java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")
    at at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
    at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
    at at java.security.AccessController.doPrivileged(Native Method)
    at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
    at at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
    at at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at at java.io.File.length(File.java:910)
    at at ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy.isTriggeringEvent(SizeBasedTriggeringPolicy.java:59)
    at at ch.qos.logback.core.rolling.RollingFileAppender.subAppend(RollingFileAppender.java:170)
    at at ch.qos.logback.core.OutputStreamAppender.append(OutputStreamAppender.java:103)
    at at ch.qos.logback.core.UnsynchronizedAppenderBase.doAppend(UnsynchronizedAppenderBase.java:88)
    at at ch.qos.logback.core.spi.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:48)
    at at ch.qos.logback.classic.Logger.appendLoopOnAppenders(Logger.java:272)
    at at ch.qos.logback.classic.Logger.callAppenders(Logger.java:259)
    at at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:441)
    at at ch.qos.logback.classic.Logger.filterAndLog_1(Logger.java:413)
    at at ch.qos.logback.classic.Logger.info(Logger.java:603)
    at at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at at java.lang.reflect.Method.invoke(Method.java:601)
    at at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:425)
    at at org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:292)
    ...
    {code}

    (i) In this example the untrusted code domain is {{JRuby}}, which has evaluated a script that wrote a log message.

    This issue can be solved by marking the rollover call from within the LOGBack domain as _privileged_ using {{AccessController.doPrivileged()}}. As the rollover is actually triggered in {{RollingFileAppender#subAppend(E event)}} this should be straightforward. Instead of

    {code:lang=java}
    if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) {
      rollover();
    }
    {code}

    we could use

    {code:lang=java}
    // 'event' is captured by the anonymous class, so it has to be final
    // (or effectively final on Java 8 and later).
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      @Override
      public Void run() {
        if (triggeringPolicy.isTriggeringEvent(currentlyActiveFile, event)) {
          rollover();
        }
        return null;
      }
    });
    {code}

    to mark both the file read access in {{triggeringPolicy.isTriggeringEvent()}} as well as the write access in {{rollover()}} as _privileged_.

    (/) I will provide a simple pull request to fix this issue.

    QOS.ch JIRA | 4 years ago | Christian Brensing
    java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")
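
The stack-walk behaviour described in the issue above, reproduced with the JDK's own `AccessController` as an added example (not logback code and not part of the original report). The class and method names, the `/tmp/demo/foo.log` path and the allow-all `Policy` are constructed for the demo, and it assumes a JDK that still implements stack-based access control.

```java
import java.io.FilePermission;
import java.security.*;

// Added demo (not logback code): the same check with and without doPrivileged.
public class RolloverPrivilegeDemo {
    // Constructed path standing in for the active log file.
    static final Permission READ_LOG = new FilePermission("/tmp/demo/foo.log", "read");

    // Before the fix: the check walks the whole stack, including the untrusted caller.
    static void subAppendUnprivileged() {
        AccessController.checkPermission(READ_LOG);
    }

    // After the fix: doPrivileged ends the stack walk at this class's own domain.
    static void subAppendPrivileged() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override public Void run() {
                AccessController.checkPermission(READ_LOG);
                return null;
            }
        });
    }

    // Runs the call as if it came from a protection domain that holds no permissions.
    static String callFromUntrusted(final Runnable appenderCall) {
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions());
        AccessControlContext untrusted =
                new AccessControlContext(new ProtectionDomain[] { noPerms });
        try {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override public Void run() { appenderCall.run(); return null; }
            }, untrusted);
            return "allowed";
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Stand-in for a policy file that trusts the logging library's own code.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.out.println("unprivileged: " + callFromUntrusted(RolloverPrivilegeDemo::subAppendUnprivileged));
        System.out.println("privileged:   " + callFromUntrusted(RolloverPrivilegeDemo::subAppendPrivileged));
    }
}
```

Keep the privileged block as narrow as the size check and the rollover: everything inside it runs with the library's permissions regardless of who called the logger.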
  3. 0

    'Dummy' Pool Error and Documentreposit...

    jvoicexml | 5 years ago | dubstepboy
    java.security.AccessControlException: access denied ("java.util.PropertyPermission" "jvoicexml.vxml.version" "read")
  5. 0

    another HelloImpl/RMI problem

    Google Groups | 2 decades ago | malal...@my-deja.com
    java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
  6. 0

    signed applet gives AccessControlException: access denied, when calling from javascript

    Stack Overflow | 8 years ago | corgrath
    java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)


    Root Cause Analysis

    1. java.security.AccessControlException

      access denied ("java.io.FilePermission" "/home/christian/foo/bar/logs/foo.log" "read")

      at java.security.AccessControlContext.checkPermission()
    2. Java RT
      AccessControlContext.checkPermission
      1. java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
      1 frame
    3. Eclipse OSGi
      EquinoxSecurityManager$CheckPermissionAction.run
      1. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
      2. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
      2 frames
    4. Java RT
      AccessController.doPrivileged
      1. java.security.AccessController.doPrivileged(Native Method)
      1 frame
    5. Eclipse OSGi
      EquinoxSecurityManager.checkPermission
      1. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
      2. org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
      2 frames
    6. Java RT
      File.length
      1. java.lang.SecurityManager.checkRead(SecurityManager.java:888)
      2. java.io.File.length(File.java:910)
      2 frames
    7. Logback Core Module
      AppenderAttachableImpl.appendLoopOnAppenders
      1. ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy.isTriggeringEvent(SizeBasedTriggeringPolicy.java:59)
      2. ch.qos.logback.core.rolling.RollingFileAppender.subAppend(RollingFileAppender.java:170)
      3. ch.qos.logback.core.OutputStreamAppender.append(OutputStreamAppender.java:103)
      4. ch.qos.logback.core.UnsynchronizedAppenderBase.doAppend(UnsynchronizedAppenderBase.java:88)
      5. ch.qos.logback.core.spi.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:48)
      5 frames
    8. Logback Classic Module
      Logger.info
      1. ch.qos.logback.classic.Logger.appendLoopOnAppenders(Logger.java:272)
      2. ch.qos.logback.classic.Logger.callAppenders(Logger.java:259)
      3. ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:441)
      4. ch.qos.logback.classic.Logger.filterAndLog_1(Logger.java:413)
      5. ch.qos.logback.classic.Logger.info(Logger.java:603)
      5 frames
    9. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      4. java.lang.reflect.Method.invoke(Method.java:601)
      4 frames
    10. JRuby Main Maven Artifact
      JavaMethod.invokeDirect
      1. org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:425)
      2. org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:292)
      2 frames