Skip to content

Instantly share code, notes, and snippets.

@rotty3000

rotty3000/RuntimeChecker.java.patch

Created January 8, 2013 01:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rotty3000/4480407 to your computer and use it in GitHub Desktop.
Save rotty3000/4480407 to your computer and use it in GitHub Desktop.
Download ZIP
Fix for PACL java.lang.SecurityException: Attempted to get environment name *
Raw
liferay-plugin-package.properties
#
# To support simple calls to System.getenv(String name); declare comma delimited list of env variables.
#
security-manager-get-environment-variable=\
LD_LIBRARY_PATH,\
PATH
#
# To support calls to System.getenv(); one must declare accessing any env variables using '*'.
#
security-manager-get-environment-variable=*
Raw
RuntimeChecker.java.patch
diff --git a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
index cb358bf..67999be 100644
--- a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
+++ b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
@@ -51,6 +51,7 @@ public class RuntimeChecker extends BaseReflectChecker {
public void afterPropertiesSet() {
initClassLoaderReferenceIds();
+ initEnvironmentVariables();
}
public void checkPermission(Permission permission) {
@@ -363,6 +364,12 @@ public class RuntimeChecker extends BaseReflectChecker {
}
protected boolean hasGetEnv(String name) {
+ if (_environmentVariables.contains(name) ||
+ _environmentVariables.contains(StringPool.STAR)) {
+
+ return true;
+ }
+
Class<?> callerClass7 = Reflection.getCallerClass(7);
if (callerClass7 == AbstractApplicationContext.class) {
@@ -473,6 +480,22 @@ public class RuntimeChecker extends BaseReflectChecker {
}
}
+ protected void initEnvironmentVariables() {
+ _environmentVariables = getPropertySet(
+ "security-manager-get-environment-variable");
+
+ if (_log.isDebugEnabled()) {
+ Set<String> environmentVariables = new TreeSet<String>(
+ _environmentVariables);
+
+ for (String environmentVariable : environmentVariables) {
+ _log.debug(
+ "Allowing access to environment variable " +
+ environmentVariable);
+ }
+ }
+ }
+
protected boolean isDefaultMBeanServerInterceptor(Class<?> clazz) {
String className = clazz.getName();
@@ -757,5 +780,6 @@ public class RuntimeChecker extends BaseReflectChecker {
private static Log _log = LogFactoryUtil.getLog(RuntimeChecker.class);
private Set<String> _classLoaderReferenceIds;
+ private Set<String> _environmentVariables;
}
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment