Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fix for PACL java.lang.SecurityException: Attempted to get environment name *
#
# To support simple calls to System.getenv(String name); declare comma delimited list of env variables.
#
security-manager-get-environment-variable=\
LD_LIBRARY_PATH,\
PATH
#
# To support calls to System.getenv(); one must declare accessing any env variables using '*'.
#
security-manager-get-environment-variable=*
diff --git a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
index cb358bf..67999be 100644
--- a/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
+++ b/portal-impl/src/com/liferay/portal/security/pacl/checker/RuntimeChecker.java
@@ -51,6 +51,7 @@ public class RuntimeChecker extends BaseReflectChecker {
public void afterPropertiesSet() {
initClassLoaderReferenceIds();
+ initEnvironmentVariables();
}
public void checkPermission(Permission permission) {
@@ -363,6 +364,12 @@ public class RuntimeChecker extends BaseReflectChecker {
}
protected boolean hasGetEnv(String name) {
+ if (_environmentVariables.contains(name) ||
+ _environmentVariables.contains(StringPool.STAR)) {
+
+ return true;
+ }
+
Class<?> callerClass7 = Reflection.getCallerClass(7);
if (callerClass7 == AbstractApplicationContext.class) {
@@ -473,6 +480,22 @@ public class RuntimeChecker extends BaseReflectChecker {
}
}
+ protected void initEnvironmentVariables() {
+ _environmentVariables = getPropertySet(
+ "security-manager-get-environment-variable");
+
+ if (_log.isDebugEnabled()) {
+ Set<String> environmentVariables = new TreeSet<String>(
+ _environmentVariables);
+
+ for (String environmentVariable : environmentVariables) {
+ _log.debug(
+ "Allowing access to environment variable " +
+ environmentVariable);
+ }
+ }
+ }
+
protected boolean isDefaultMBeanServerInterceptor(Class<?> clazz) {
String className = clazz.getName();
@@ -757,5 +780,6 @@ public class RuntimeChecker extends BaseReflectChecker {
private static Log _log = LogFactoryUtil.getLog(RuntimeChecker.class);
private Set<String> _classLoaderReferenceIds;
+ private Set<String> _environmentVariables;
}
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.