Message3855

Author	ecapachedev
Recipients	ecapachedev
Date	2008-11-26.23:11:19
SpamBayes Score	1.2335785e-05
Marked as misclassified	No
Message-id	<1227741083.73.0.272849485036.issue1185@psf.upfronthosting.co.za>
In-reply-to

Content
When using Jython in a container with security enabled, the "__classpath__" classpath causes a SecurityException unless there is a FilePermission grant to "__classpath__/-". Since the injection of "__classpath__" to the classpath is sort of a hack to get the JavaImporter to be used, it would seem there should be code to ignore the use of the path when loading classes. In particular, the two places I noticed an issue are: 1) org.python.core.imp.loadFromSource(String, String, PyObject) A check for dir.isDirectory() will cause the SecurityException. As a potential workaround, first check for directoryName.equals("__classpath__") and if true, return null. 2) org.python.core.SyspathJavaLoader.loadClass(String, boolean) A call to file.length() will cause the SecurityException. As a potential workaround, first check for !dir.equals("__classpath__") before proceeding to create the File and read from it.

When using Jython in a container with security enabled, the
"__classpath__" classpath causes a SecurityException unless there is a
FilePermission grant to "__classpath__/-".  Since the injection of
"__classpath__" to the classpath is sort of a hack to get the
JavaImporter to be used, it would seem there should be code to ignore
the use of the path when loading classes.  In particular, the two places
I noticed an issue are:

1) org.python.core.imp.loadFromSource(String, String, PyObject)
   A check for dir.isDirectory() will cause the SecurityException.  As a
potential workaround, first check for
directoryName.equals("__classpath__") and if true, return null.

2) org.python.core.SyspathJavaLoader.loadClass(String, boolean)
   A call to file.length() will cause the SecurityException.  As a
potential workaround, first check for !dir.equals("__classpath__")
before proceeding to create the File and read from it.

History
Date	User	Action	Args
2008-11-26 23:11:23	ecapachedev	set	recipients: + ecapachedev
2008-11-26 23:11:23	ecapachedev	set	messageid: <1227741083.73.0.272849485036.issue1185@psf.upfronthosting.co.za>
2008-11-26 23:11:23	ecapachedev	link	issue1185 messages
2008-11-26 23:11:22	ecapachedev	create