Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ruby-based SecurityManager can recurse forever #7726

Closed
headius opened this issue Mar 16, 2023 · 0 comments
Closed

Ruby-based SecurityManager can recurse forever #7726

headius opened this issue Mar 16, 2023 · 0 comments
Milestone
JRuby 9.4.3.0

Comments

@headius
Copy link
Member

headius commented Mar 16, 2023

It appears that some logic in the invokebinder library is triggering a security check while acquiring a logger.

When Ruby is is compiled by JRuby's JIT using invokedynamic operations, the Binder class is used to set up chains of MethodHandle adaptations. This Binder class has logging features to aid debugging those adaptations, and for this it requests a new Logger instance for each Binder. This is unnecessary, since the loggers should be allocated once and shared for all calls to getLogger anyway, but apparently the security check continues to happen.

This leads to a scenario whereby combining a Ruby-based SecurityManager with invokedynamic causes Binder to trigger a security check, which calls back into the Ruby-based SecurityManager, and so on.

	at rubyobj.TestHigherJavasupport.JRubySecurityManager.checkPermission(test/jruby/test_higher_javasupport.rb:1975)
	at java.base/java.lang.Module.getClassLoader(Module.java:210)
	at java.base/jdk.internal.logger.DefaultLoggerFinder$1.run(DefaultLoggerFinder.java:149)
	at java.base/jdk.internal.logger.DefaultLoggerFinder$1.run(DefaultLoggerFinder.java:144)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at java.base/jdk.internal.logger.DefaultLoggerFinder.isSystem(DefaultLoggerFinder.java:144)
	at java.logging/java.util.logging.Logger.demandLogger(Logger.java:651)
	at java.logging/java.util.logging.Logger.getLogger(Logger.java:718)
	at java.logging/java.util.logging.Logger.getLogger(Logger.java:702)
	at org.jruby.dist/com.headius.invokebinder.Binder.<init>(Binder.java:71)
	at org.jruby.dist/com.headius.invokebinder.Binder.from(Binder.java:162)
	at org.jruby.dist/com.headius.invokebinder.SmartBinder.from(SmartBinder.java:89)
	at org.jruby.dist/org.jruby.ir.targets.indy.InvokeSite.prepareBinder(InvokeSite.java:509)
	at org.jruby.dist/org.jruby.ir.targets.indy.InvokeSite.<init>(InvokeSite.java:146)
	at org.jruby.dist/org.jruby.ir.targets.simple.NormalInvokeSite.<init>(NormalInvokeSite.java:26)
	at org.jruby.dist/org.jruby.ir.targets.simple.NormalInvokeSite.newSite(NormalInvokeSite.java:44)
	at org.jruby.dist/org.jruby.ir.targets.simple.NormalInvokeSite.bootstrap(NormalInvokeSite.java:40)
	at java.base/java.lang.invoke.BootstrapMethodInvoker.invoke(BootstrapMethodInvoker.java:168)
	at java.base/java.lang.invoke.CallSite.makeSite(CallSite.java:315)
	at java.base/java.lang.invoke.MethodHandleNatives.linkCallSiteImpl(MethodHandleNatives.java:281)
	at java.base/java.lang.invoke.MethodHandleNatives.linkCallSite(MethodHandleNatives.java:271)
	at test.jruby.test_higher_javasupport.RUBY$method$checkPermission$287(test/jruby/test_higher_javasupport.rb:1975)
	at test.jruby.test_higher_javasupport.RUBY$method$checkPermission$287$__VARARGS__(test/jruby/test_higher_javasupport.rb:1975)
	at org.jruby.dist/org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:202)
	at org.jruby.dist/org.jruby.RubyClass.finvoke(RubyClass.java:792)
	at org.jruby.dist/org.jruby.runtime.Helpers.invoke(Helpers.java:660)
	at org.jruby.dist/org.jruby.RubyBasicObject.callMethod(RubyBasicObject.java:369)
	at rubyobj.TestHigherJavasupport.JRubySecurityManager.checkPermission(test/jruby/test_higher_javasupport.rb:1975)

A simple fix would be to make the logger a static final field in Binder.
headius added a commit to headius/invokebinder that referenced this issue Mar 16, 2023
@headius
Use a static logger
90e266c 
There's no need to acquire a new logger instance, since they are
thread-safe and shared across `getLogger` calls. Those calls do,
however, trigger a security check to make sure you have access to
the logger, and this led to jruby/jruby#7726.

Ths fix is to use a static logger. A better fix I will consider
might be to just remove this feature or require users provide a
logger.
This was referenced Mar 16, 2023
Merged
Merged
headius added a commit to headius/jruby that referenced this issue Mar 16, 2023
@headius
Use invokebinder 1.13 to avoid logger security check
faef718 
See headius/invokebinder#15 and jruby#7726.
@headius headius added this to the JRuby 9.4.3.0 milestone Mar 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
JRuby 9.4.3.0
Development

No branches or pull requests
1 participant
@headius