Uploaded image for project: 'Lucene - Core'
  1. Lucene - Core
  2. LUCENE-7135

Constants check for JRE bitness causes SecurityException under WebStart

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5
    • Fix Version/s: 7.0, 6.3, 5.5.4
    • Component/s: core/other
    • Labels:
      None
    • Environment:

      OS X 10.11.4, Java 1.8.0_77-b03 (under WebStart)

    • Lucene Fields:
      New, Patch Available
    • Flags:
      Patch

      Description

      I have an app that I deploy via WebStart that uses Lucene 5.2.1 (we are locked to 5.2.1 because that's what LanguageTool uses).

      When running under the WebStart security manager, there are two locations where exceptions are thrown and prevent pretty much all Lucene classes from initializing. This is true even when we sign everything and specify <security><all-permissions/></security>.

      1. In RamUsageEstimator, fixed by LUCENE-6923
      2. In Constants, caused by the call System.getProperty("sun.arch.data.model") (stack trace below).
        Error: Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "sun.arch.data.model" "read") 
        Error: 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) 
        Error: 	at java.security.AccessController.checkPermission(AccessController.java:884) 
        Error: 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) 
        Error: 	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(Unknown Source) 
        Error: 	at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294) 
        Error: 	at java.lang.System.getProperty(System.java:717) 
        Error: 	at org.apache.lucene.util.Constants.<clinit>(Constants.java:71) 
        Error: 	... 34 more 
        

      The latter is still present in the latest version. My patch illustrates one solution that appears to be working for us.

      (This patch, together with a backport of the fix to LUCENE-6923, seems to fix the issue for our purposes. However if you really wanted to make my day you could put out a maintenance release of 5.2 with both fixes included.)

      1. LUCENE-7135.diff
        2 kB
        Aaron Madlon-Kay

        Activity

        Hide
        trejkaz Trejkaz added a comment -

        I see this when running our unit tests also. Evidently somewhere up the call chain there is some code we don't trust calling us. We then call Lucene, which ultimately calls this stuff.

        (We're bitten by LUCENE-6923 as well, because we are still on 5.4.)

        Show
        trejkaz Trejkaz added a comment - I see this when running our unit tests also. Evidently somewhere up the call chain there is some code we don't trust calling us. We then call Lucene, which ultimately calls this stuff. (We're bitten by LUCENE-6923 as well, because we are still on 5.4.)
        Hide
        amake Aaron Madlon-Kay added a comment -

        Since there has been no action on this issue, we were forced to publish our patched version:

        Show
        amake Aaron Madlon-Kay added a comment - Since there has been no action on this issue, we were forced to publish our patched version: https://bintray.com/omegat-org/maven/lucene-core Available in JCenter as compile 'org.omegat.lucene:lucene-core:5.2.1'
        Hide
        mikemccand Michael McCandless added a comment -

        Is OS_ARCH.contains("64")) really a safe way to determine if we are running in a 64 bit JVM? Maybe we should only do this on fallback, if the security manager doesn't let us do System.getProperty("sun.arch.data.model")?

        Show
        mikemccand Michael McCandless added a comment - Is OS_ARCH.contains("64")) really a safe way to determine if we are running in a 64 bit JVM? Maybe we should only do this on fallback, if the security manager doesn't let us do System.getProperty("sun.arch.data.model") ?
        Hide
        amake Aaron Madlon-Kay added a comment -

        > Maybe we should only do this on fallback

        That's precisely what my patch does.

        Show
        amake Aaron Madlon-Kay added a comment - > Maybe we should only do this on fallback That's precisely what my patch does.
        Hide
        mikemccand Michael McCandless added a comment -

        > That's precisely what my patch does.

        Woops, sorry, I did not look closely enough: you're right!

        OK I think this is a good approach ... I'll push soon. Thanks Aaron Madlon-Kay!

        Show
        mikemccand Michael McCandless added a comment - > That's precisely what my patch does. Woops, sorry, I did not look closely enough: you're right! OK I think this is a good approach ... I'll push soon. Thanks Aaron Madlon-Kay !
        Hide
        mikemccand Michael McCandless added a comment -

        > That's precisely what my patch does.

        Woops, sorry, I did not look closely enough: you're right!

        OK I think this is a good approach ... I'll push soon. Thanks Aaron Madlon-Kay!

        Show
        mikemccand Michael McCandless added a comment - > That's precisely what my patch does. Woops, sorry, I did not look closely enough: you're right! OK I think this is a good approach ... I'll push soon. Thanks Aaron Madlon-Kay !
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 813b6855656ecd50a7a28376822bd7b65154cee8 in lucene-solr's branch refs/heads/master from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=813b685 ]

        LUCENE-7135: work around security manager when checking for 32/64 bit JVM

        Show
        jira-bot ASF subversion and git services added a comment - Commit 813b6855656ecd50a7a28376822bd7b65154cee8 in lucene-solr's branch refs/heads/master from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=813b685 ] LUCENE-7135 : work around security manager when checking for 32/64 bit JVM
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 96372be35c7c7d937561ce5d526d688ab447cd86 in lucene-solr's branch refs/heads/branch_6x from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=96372be ]

        LUCENE-7135: work around security manager when checking for 32/64 bit JVM

        Show
        jira-bot ASF subversion and git services added a comment - Commit 96372be35c7c7d937561ce5d526d688ab447cd86 in lucene-solr's branch refs/heads/branch_6x from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=96372be ] LUCENE-7135 : work around security manager when checking for 32/64 bit JVM
        Hide
        mikemccand Michael McCandless added a comment -
        Show
        mikemccand Michael McCandless added a comment - Thanks Aaron Madlon-Kay !
        Hide
        amake Aaron Madlon-Kay added a comment - - edited

        Thanks very much for your help, Michael McCandless.

        Is there any hope for a backport to 5? I suspect it will take a long time for our dependencies to move up.

        Show
        amake Aaron Madlon-Kay added a comment - - edited Thanks very much for your help, Michael McCandless . Is there any hope for a backport to 5? I suspect it will take a long time for our dependencies to move up.
        Hide
        mikemccand Michael McCandless added a comment -

        I think it's unlikely we'll do anothe 5.x release Aaron Madlon-Kay ... but I'll mark this as 5.5.4 just in case we do.

        Show
        mikemccand Michael McCandless added a comment - I think it's unlikely we'll do anothe 5.x release Aaron Madlon-Kay ... but I'll mark this as 5.5.4 just in case we do.
        Hide
        amake Aaron Madlon-Kay added a comment -

        Understood. Thanks!

        Show
        amake Aaron Madlon-Kay added a comment - Understood. Thanks!
        Hide
        mikemccand Michael McCandless added a comment -

        Reopen for possible eventual 5.5.4 backport.

        Show
        mikemccand Michael McCandless added a comment - Reopen for possible eventual 5.5.4 backport.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 2baad4c22d05a1fcc4a09044eae868b6a5bfe1cf in lucene-solr's branch refs/heads/master from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=2baad4c ]

        LUCENE-7135: add issue number in CHANGES.txt

        Show
        jira-bot ASF subversion and git services added a comment - Commit 2baad4c22d05a1fcc4a09044eae868b6a5bfe1cf in lucene-solr's branch refs/heads/master from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=2baad4c ] LUCENE-7135 : add issue number in CHANGES.txt
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit f9e2f0c5b65b389e330a16657396a922e47fce1d in lucene-solr's branch refs/heads/branch_6x from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=f9e2f0c ]

        LUCENE-7135: add issue number in CHANGES.txt

        Show
        jira-bot ASF subversion and git services added a comment - Commit f9e2f0c5b65b389e330a16657396a922e47fce1d in lucene-solr's branch refs/heads/branch_6x from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=f9e2f0c ] LUCENE-7135 : add issue number in CHANGES.txt
        Hide
        shalinmangar Shalin Shekhar Mangar added a comment -

        This issue is marked for 6.3 but it was not backported to branch_6_3. So the fix version should be 6.4

        Show
        shalinmangar Shalin Shekhar Mangar added a comment - This issue is marked for 6.3 but it was not backported to branch_6_3. So the fix version should be 6.4
        Hide
        mikemccand Michael McCandless added a comment -

        Woops, thanks Shalin Shekhar Mangar, I fixed it.

        Show
        mikemccand Michael McCandless added a comment - Woops, thanks Shalin Shekhar Mangar , I fixed it.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 08526f581edef098cd94e899beef2a0fff95535c in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=08526f5 ]

        LUCENE-7135: work around security manager when checking for 32/64 bit JVM

        Show
        jira-bot ASF subversion and git services added a comment - Commit 08526f581edef098cd94e899beef2a0fff95535c in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=08526f5 ] LUCENE-7135 : work around security manager when checking for 32/64 bit JVM
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 3366219c6edbb8c7791e8e8bab08ede5b485e2d1 in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=3366219 ]

        LUCENE-7135: add issue number in CHANGES.txt

        Show
        jira-bot ASF subversion and git services added a comment - Commit 3366219c6edbb8c7791e8e8bab08ede5b485e2d1 in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=3366219 ] LUCENE-7135 : add issue number in CHANGES.txt
        Hide
        mikemccand Michael McCandless added a comment -

        OK I backported this for 6.3.0

        Show
        mikemccand Michael McCandless added a comment - OK I backported this for 6.3.0
        Hide
        mikemccand Michael McCandless added a comment -

        There is a bug in the logic here: it marks a 64 bit JVM as 32 bit!

        Show
        mikemccand Michael McCandless added a comment - There is a bug in the logic here: it marks a 64 bit JVM as 32 bit!
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 92f56ea9dd72d935c21aadae6a20ee23fa9c3cf8 in lucene-solr's branch refs/heads/master from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=92f56ea ]

        LUCENE-7135: only use OS_ARCH if we couldn't access sun.arch.data.model

        Show
        jira-bot ASF subversion and git services added a comment - Commit 92f56ea9dd72d935c21aadae6a20ee23fa9c3cf8 in lucene-solr's branch refs/heads/master from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=92f56ea ] LUCENE-7135 : only use OS_ARCH if we couldn't access sun.arch.data.model
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 97c97838022efcac8ccbcffb5edf5735605fdf17 in lucene-solr's branch refs/heads/branch_6x from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=97c9783 ]

        LUCENE-7135: only use OS_ARCH if we couldn't access sun.arch.data.model

        Show
        jira-bot ASF subversion and git services added a comment - Commit 97c97838022efcac8ccbcffb5edf5735605fdf17 in lucene-solr's branch refs/heads/branch_6x from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=97c9783 ] LUCENE-7135 : only use OS_ARCH if we couldn't access sun.arch.data.model
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit a66a44513ee8191e25b477372094bfa846450316 in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=a66a445 ]

        LUCENE-7135: only use OS_ARCH if we couldn't access sun.arch.data.model

        Show
        jira-bot ASF subversion and git services added a comment - Commit a66a44513ee8191e25b477372094bfa846450316 in lucene-solr's branch refs/heads/branch_6_3 from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=a66a445 ] LUCENE-7135 : only use OS_ARCH if we couldn't access sun.arch.data.model
        Hide
        amake Aaron Madlon-Kay added a comment -

        Very sorry about that!

        Show
        amake Aaron Madlon-Kay added a comment - Very sorry about that!
        Hide
        mikemccand Michael McCandless added a comment -

        No worries Aaron Madlon-Kay, stuff happens I'm just glad we caught it before 6.3.0 was out.

        Show
        mikemccand Michael McCandless added a comment - No worries Aaron Madlon-Kay , stuff happens I'm just glad we caught it before 6.3.0 was out.
        Hide
        mikemccand Michael McCandless added a comment -

        One nice side effect of this 2 day accident was it caused e.g. our nightly geo benchmark https://people.apache.org/~mikemccand/geobench.html to use NIOFSDirectory instead of MMapDirectory, so we get to see at least for this benchmark how much better MMapDirectory is!

        I'm working on nightly benchmarks for the sparse case, preview here: https://people.apache.org/~mikemccand/lucenebench/sparseResults.html#search_sort_qps

        There's an even bigger drop in that benchmark, which is what made me think there might be an issue with this change in the first place. Benchmarking is important

        Show
        mikemccand Michael McCandless added a comment - One nice side effect of this 2 day accident was it caused e.g. our nightly geo benchmark https://people.apache.org/~mikemccand/geobench.html to use NIOFSDirectory instead of MMapDirectory , so we get to see at least for this benchmark how much better MMapDirectory is! I'm working on nightly benchmarks for the sparse case, preview here: https://people.apache.org/~mikemccand/lucenebench/sparseResults.html#search_sort_qps There's an even bigger drop in that benchmark, which is what made me think there might be an issue with this change in the first place. Benchmarking is important
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 92f56ea9dd72d935c21aadae6a20ee23fa9c3cf8 in lucene-solr's branch refs/heads/apiv2 from Mike McCandless
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=92f56ea ]

        LUCENE-7135: only use OS_ARCH if we couldn't access sun.arch.data.model

        Show
        jira-bot ASF subversion and git services added a comment - Commit 92f56ea9dd72d935c21aadae6a20ee23fa9c3cf8 in lucene-solr's branch refs/heads/apiv2 from Mike McCandless [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=92f56ea ] LUCENE-7135 : only use OS_ARCH if we couldn't access sun.arch.data.model
        Hide
        shalinmangar Shalin Shekhar Mangar added a comment -

        Closing after 6.3.0 release.

        Show
        shalinmangar Shalin Shekhar Mangar added a comment - Closing after 6.3.0 release.

          People

          • Assignee:
            Unassigned
            Reporter:
            amake Aaron Madlon-Kay
          • Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development