James Server / JAMES-636

Policy in environment.xml is... ignored?!?

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.3.0, 3.0.0
    • Fix Version/s: 3.0-M1
    • Component/s: None
    • Labels: None
    • Environment: James 2.3.0rc3 / 3.0

      Description

      I have been testing to securize James, and have seen that there was the option to add policies in the file environment.xml, but in versions 2.3 and 3.0 it does not work. I suppose that it will have to do with the migration to Phoenix 4.2 from 4.0.1; it seems simply that it quietly ignores them and treats it like an AllPermission, strange.

      In James 2.2 if no policy is configured, phoenix.log says:
      [Phoenix.] (): No policy specified in server.xml, giving full permissions to ServerApplication.

      In 2.3 / 3.0 no message shows...

      I have used a policy like this, and... it never throws security exceptions...

      <policy>
        <grant code-base="file:${app.home}${/}lib${/}*">
          <permission class="java.io.FilePermission"
                      target="${app.home}${/}*"
                      action="read,write" />
        </grant>
      </policy>

      I have even tried to make a FileInputStream of /etc/passwd and... it has eaten it, no security exception.
      In Loom 1.0-rc3 it is the same, the policy is ignored...

      At the moment the workaround is modifying directly the policy of phoenix-loader.jar and restricting it at the global level of the JVM.

      I have opened a ticket in Codehaus for Loom 1.0rc3, in the case of Phoenix... "two stones"
      See also: http://jira.codehaus.org/browse/LOOM-81

      I report it, in case somebody can do something.

      Attachments: james.policy (3 kB, Guillermo Grandes)

        Activity

        Guillermo Grandes added a comment -

        Well, my phoenix.sh is a little different... I don't have any goto, but yes, I'm using the security manager; my running command line is:

        /usr/java/java15/bin/java
        -Dprogram.name=JAMES1 -Xms128m -Xmx256m
        -Djava.ext.dirs=/opt/james/lib:/opt/james/tools/lib
        ! -Djava.security.manager
        ! -Djava.security.policy=jar:file:/opt/james/bin/phoenix-loader.jar!/META-INF/java.policy
        -Dphoenix.home=/opt/james
        -Djava.io.tmpdir=/opt/james/temp
        -jar /opt/james/bin/phoenix-loader.jar

        The modified cvs-migration-snapshot code of Phoenix (I was looking at it last night) seems quite different from kickjava.com; is this the last version, 4.2? Until now I have been guided by pages like this (and docjar.com, MacGyver style), which makes it difficult for me to work.

        Many thanks for the info!

        Stefano Says:

        Hi Guillermo,

        I don't know/don't have time currently to look at what happened, but we could try to fix things in Phoenix.

        As you can read in the JAMES_PHOENIX.txt file in the root of our source tree we're currently using a modified build of

        https://svn.apache.org/repos/asf/avalon/cvs-migration-snapshot/avalon-phoenix/

        Have you set $PHOENIX_SECURE to true before starting phoenix? I see the following things in the run scripts:

        if [ "$PHOENIX_SECURE" != "false" ] ; then
          # Make phoenix run with security manager enabled
          JVM_OPTS="$JVM_OPTS -Djava.security.manager"
        fi

        if "%PHOENIX_SECURE%" == "false" goto postSecure

        rem Make Phoenix run with security Manager enabled
        set PHOENIX_SM="-Djava.security.manager"

        :postSecure

        Maybe this has nothing to do with your problem, but is the only information I can give to you.

        I think that Loom is not an option to James because it is simply a branch of Phoenix and it also is no more developed.

        In the future (far future) we could switch to plexus (the maven container, that is getting more interest and is supporting also avalon components) or to felix, but I think we should try to fix the security in phoenix if we find "where" to put our hands.

        Stefano

        Guillermo Grandes added a comment -

        This is my workaround custom policy to "securize" James.
        I attach it in case somebody wants to use it as a point to begin with.

        Place the policy in "$PHOENIX_HOME/bin" and change phoenix.sh to use the new policy:

        > -Djava.security.policy=jar:file:/opt/james/bin/phoenix-loader.jar!/META-INF/java.policy
        + > -Djava.security.policy=file:$PHOENIX_HOME/bin/james.policy \
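        The following is an added example, not code from this issue, from James or from Phoenix. It is a small Java probe that does in code what the reporter did by hand in the description (opening /etc/passwd and watching for a SecurityException) and that can be run under the replacement policy from the workaround above to confirm the policy is actually enforced. The class name PolicyCheck, the app.home system property, the policy file path and the policy text in the header comment are assumptions; the policy is written in standard java.policy syntax rather than the environment.xml <policy> form.

```java
// Added example (not from the issue or the James/Phoenix code base): reports
// whether a SecurityManager is installed and which FilePermissions the effective
// policy grants to this class, without touching any file.
//
// Assumed policy file (standard java.policy syntax, not Phoenix's XML form);
// the app.home property and the paths are assumptions:
//
//   grant codeBase "file:${app.home}/lib/*" {
//       permission java.io.FilePermission "${app.home}${/}-", "read,write";
//   };
//
// Run (JDK 8; on JDK 18+ the manager must be enabled with
// -Djava.security.manager=allow, and the API is deprecated for removal):
//   javac PolicyCheck.java
//   java -Djava.security.manager -Djava.security.policy=file:/tmp/james.policy \
//        -Dapp.home=/opt/james PolicyCheck
import java.io.FilePermission;
import java.security.Permission;

public class PolicyCheck {

    /**
     * Asks the installed SecurityManager for the permission, exactly as
     * FileInputStream does before opening a file (sm.checkRead -> checkPermission).
     * Returns true when no exception is raised, i.e. the policy grants it,
     * or when no manager is installed, in which case nothing is checked at all.
     */
    public static boolean isGranted(SecurityManager sm, Permission p) {
        if (sm == null) {
            return true;   // no manager: every permission is effectively granted
        }
        try {
            sm.checkPermission(p);   // AccessControlException extends SecurityException
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    /** True only if a manager is installed and it denies reading /etc/passwd. */
    public static boolean policyRestrictsFileAccess(SecurityManager sm) {
        return sm != null && !isGranted(sm, new FilePermission("/etc/passwd", "read"));
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        String appHome = System.getProperty("app.home", "/opt/james"); // assumed property
        Permission[] probes = {
            new FilePermission("/etc/passwd", "read"),              // should be denied
            new FilePermission(appHome + "/-", "read,write"),       // granted by the policy above
            new FilePermission("<<ALL FILES>>", "read,write"),      // denied unless AllPermission
        };
        System.out.println("SecurityManager installed: " + (sm != null));
        for (Permission p : probes) {
            System.out.println((isGranted(sm, p) ? "GRANTED " : "DENIED  ") + p);
        }
        // The symptom in this issue: /etc/passwd readable although a policy was configured.
        if (!policyRestrictsFileAccess(sm)) {
            System.out.println("WARNING: the policy is not restricting file access (AllPermission-like)");
        }
    }
}
```

        Run it twice, once with the phoenix-loader.jar policy and once with the file:$PHOENIX_HOME/bin/james.policy line from the workaround; the first line of output tells you whether -Djava.security.manager took effect at all (the check Stefano asks about with $PHOENIX_SECURE), and the DENIED line for /etc/passwd is what a working policy looks like.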
        Guillermo Grandes added a comment -

        I have been looking... for more info about this problem...

        http://svn.apache.org/repos/asf/avalon/cvs-migration-snapshot/avalon-phoenix/src/java/
          org/apache/avalon/phoenix/components/classloader/DefaultClassLoaderManager.java
          org/apache/avalon/phoenix/components/classloader/SarPolicyResolver.java

        I see references to:
        org.realityforge.xmlpolicy.*

        import org.realityforge.xmlpolicy.builder.PolicyBuilder;
        import org.realityforge.xmlpolicy.metadata.PolicyMetaData;
        import org.realityforge.xmlpolicy.reader.PolicyReader;

        import org.realityforge.xmlpolicy.builder.PolicyResolver;

        $PHOENIX_HOME/lib/spice-{salt,xmlpolicy,loggerstore,classman}-*.jar

        In the old version snapshotted by kickjava.com:
        http://www.kickjava.com/src/org/apache/avalon/phoenix/components/classloader/DefaultClassLoaderManager.java.htm
        I can't see references to org.realityforge.xmlpolicy.*

        Searching for source in google...

        http://cvs.loom.codehaus.org/browse/~raw,r=1.6/loom/loom/support/xmlpolicy/src/java/org/realityforge/xmlpolicy/builder/PolicyBuilder.java

        I have run out of ideas.

        Norman Maurer added a comment -

        The next release of james will not use avalon/phoenix anymore


          People

          • Assignee: Norman Maurer
          • Reporter: Guillermo Grandes
          • Votes: 0
          • Watchers: 0