public
Created

Fix for PACL java.lang.SecurityException: Attempted to get environment name *

  • Download Gist
RuntimeChecker.java.patch
Diff
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
diff --git a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
index cb358bf..67999be 100644
--- a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
+++ b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
@@ -51,6 +51,7 @@ public class RuntimeChecker extends BaseReflectChecker {
public void afterPropertiesSet() {
initClassLoaderReferenceIds();
+ initEnvironmentVariables();
}
public void checkPermission(Permission permission) {
@@ -363,6 +364,12 @@ public class RuntimeChecker extends BaseReflectChecker {
}
protected boolean hasGetEnv(String name) {
+ if (_environmentVariables.contains(name) ||
+ _environmentVariables.contains(StringPool.STAR)) {
+
+ return true;
+ }
+
Class<?> callerClass7 = Reflection.getCallerClass(7);
if (callerClass7 == AbstractApplicationContext.class) {
@@ -473,6 +480,22 @@ public class RuntimeChecker extends BaseReflectChecker {
}
}
+ protected void initEnvironmentVariables() {
+ _environmentVariables = getPropertySet(
+ "security-manager-get-environment-variable");
+
+ if (_log.isDebugEnabled()) {
+ Set<String> environmentVariables = new TreeSet<String>(
+ _environmentVariables);
+
+ for (String environmentVariable : environmentVariables) {
+ _log.debug(
+ "Allowing access to environment variable " +
+ environmentVariable);
+ }
+ }
+ }
+
protected boolean isDefaultMBeanServerInterceptor(Class<?> clazz) {
String className = clazz.getName();
@@ -757,5 +780,6 @@ public class RuntimeChecker extends BaseReflectChecker {
private static Log _log = LogFactoryUtil.getLog(RuntimeChecker.class);
private Set<String> _classLoaderReferenceIds;
+ private Set<String> _environmentVariables;
}
\ No newline at end of file
liferay-plugin-package.properties
INI
1 2 3 4 5 6 7 8 9 10 11
#
# To support simple calls to System.getenv(String name); declare comma delimited list of env variables.
#
security-manager-get-environment-variable=\
LD_LIBRARY_PATH,\
PATH
 
#
# To support calls to System.getenv(); one must declare accessing any env variables using '*'.
#
security-manager-get-environment-variable=*

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.