Re: Java 1.4.2_02 InsecurityManager JVM crash

From: Francisco Andrades (fandrades_at_nextj.com)
Date: 10/27/03

  • Next message: Andreas Reich: "Re: a dangerous fast spreading (yet simple) trojan horse."
    Date: Mon, 27 Oct 2003 16:01:18 -0400
    To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    
    

    Although this is a serious bug, the method SecurityManager.classDepth()
    has been deprecated for a while, you should not be using it.

    Seems to be a bug on native code (since it's deprecated it may not have
    been updated lately).

    Marc Schoenefeld wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hello,
    >
    > Java 2 Security Managers are objects that should enforce
    > system integrity and safety. Everyone would expect that
    > the provided base classes from the JDK are therefore a
    > role model for code quality and stability. But that's
    > all theory. Let's do some practice:
    >
    > Imagine a lazy implementor (like me) of a SecurityManager,
    > he codes the following:
    >
    > /* InsecurityManager-Demonstration */
    > /* coded by Marc Schoenefeld */
    > public class InSecurityManager extends SecurityManager {
    >
    > public void doit() {
    > System.out.println("doit");
    > int o = classDepth(null);
    > }
    >
    > public static void main(String[] a) {
    > InSecurityManager m = new InSecurityManager();
    > m.doit();
    > }
    > }
    > When you run the class with the command
    >
    > java InSecurityManager
    >
    > you get a jvm crash, instead of a null pointer exception.
    > I tested this with the latest 1.3.1,1.4.1,1.4.2 implementations.
    > All Sun implementations crash, the IBM 1.4.1 (comes with
    > Websphere or Cloudscape) is stable.
    >
    > This sample of code will do no harm to productive environments,
    > because you cannot instantiate a second security manager, but
    > it may be a snapshot of the inner condition of jvm security.
    >
    > Lesson learned: Do not believe white papers or specifications,
    > test the implementation and report bugs to the vendor. Choose
    > a stable implementation.
    >
    > Sincerely
    > Marc Schoenefeld

    -- 
    Francisco Andrades Grassi
    www.nextj.com
    Tlf: +58-414-125-7415
    

  • Next message: Andreas Reich: "Re: a dangerous fast spreading (yet simple) trojan horse."

    Relevant Pages

    • Risks Digest 27.76
      ... UMD security breach exposes personal info of students, faculty, staff ... Gox Shakes Bitcoin World - NYTimes.com ... On the Suspicious Timing of iOS's SSL Vulnerability (John Gruber via ... Subject: iPhone's Critical Security Bug: a Single Bad `Goto' ...
      (comp.risks)
    • [Full-Disclosure] Re: Java 1.4.2_02 InsecurityManager JVM crash
      ... Although this is a serious bug, ... > Java 2 Security Managers are objects that should enforce ... > you get a jvm crash, instead of a null pointer exception. ... > a stable implementation. ...
      (Full-Disclosure)
    • Re: Java 1.4.2_02 InsecurityManager JVM crash
      ... Although this is a serious bug, ... > Java 2 Security Managers are objects that should enforce ... > you get a jvm crash, instead of a null pointer exception. ... > a stable implementation. ...
      (Full-Disclosure)
    • Risks Digest 24.91
      ... ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ... Adi Shamir's bug attack ... Security company e-mail undercuts user education ...
      (comp.risks)
    • Exim 3.34 and lower.
      ... Its a good time to announce that 2xs security LTD. decided to ... GDB is free software, covered by the GNU General Public License, and you ... will research and fix this bug. ... > the end of the string, reading garbage, causing a segfault, whatever. ...
      (Vuln-Dev)