Skip to content

Fix a failure to start as normal user, and make a custom security policy available for migrating from 1.5 #334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jcflack merged 10 commits into from
Nov 25, 2020
Merged

Fix a failure to start as normal user, and make a custom security policy available for migrating from 1.5 #334

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
5791fe9
Don't fail reading policy_urls as non-superuser
jcflack Nov 21, 2020
e1b1941
Relent on testing MSVC PG 13 in AppVeyor
jcflack Nov 21, 2020
41d9861
Implement a TrialPolicy
jcflack Nov 21, 2020
206a963
Add TrialPolicy$Permission
jcflack Nov 22, 2020
b03e86f
Old typo, benign but spams the TrialPolicy log
jcflack Nov 22, 2020
d2d03a3
Avoid blocking to log from a non-PG thread
jcflack Nov 23, 2020
3b25cf4
A duplicate line snuck in somehow
jcflack Nov 23, 2020
1d51fcf
Relent also on MinGW PG 13 in AppVeyor
jcflack Nov 24, 2020
6092da7
Add Travis and AppVeyor tests of TrialPolicy
jcflack Nov 24, 2020
bb41b33
Document TrialPolicy
jcflack Nov 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Avoid blocking to log from a non-PG thread 
There isn't a perfect method available (yet) to inquire "could I
doInPG() or log() at this moment without blocking?", so this check
may unnecessarily send the message off to System.err on occasions
when log() would have worked fine. But it's better than blocking.

In passing, add a permission to read another property that the
Java runtime started using in Java 14 but forgot to give itself
permission to read. It's at the false-alarm level of severity, as
the runtime behaves gracefully when unable to read the property,
but again, if using TrialPolicy, it kind of spams the log.
  • Loading branch information
@jcflack
jcflack committed Nov 23, 2020
commit d2d03a320f149fcf3bd61073be2d94e821bda4a4
5 changes: 5 additions & 0 deletions pljava-packaging/src/main/resources/pljava.policy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ grant {
//
permission java.util.PropertyPermission
"jdk.lang.ref.disableClearBeforeEnqueue", "read";

// Something similar happened in Java 14 (not yet fixed in 15).
//
permission java.util.PropertyPermission
"java.util.concurrent.ForkJoinPool.common.maximumSpares", "read";
};


Expand Down
19 changes: 16 additions & 3 deletions pljava/src/main/java/org/postgresql/pljava/policy/TrialPolicy.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@

import static org.postgresql.pljava.elog.ELogHandler.LOG_LOG;
import static org.postgresql.pljava.internal.Backend.log;
import static org.postgresql.pljava.internal.Backend.threadMayEnterPG;
import static org.postgresql.pljava.internal.Privilege.doPrivileged;

/**
Expand Down Expand Up @@ -203,7 +204,8 @@ public boolean implies(
/*
* Construct a string representation of the trace.
*/
StringBuilder sb = new StringBuilder();
StringBuilder sb = new StringBuilder(
"POLICY DENIES/TRIAL POLICY ALLOWS: " + permission + '\n');
Iterator<StackTraceElement> it = stack.iterator();
int i = 0;
for ( ;; )
Expand All @@ -222,8 +224,19 @@ public boolean implies(
sb.append('\n');
}

log(LOG_LOG,
"POLICY DENIES/TRIAL POLICY ALLOWS: " + permission + '\n' + sb);
/*
* This is not the best way to avoid blocking on log(); in some flavors
* of pljava.java_thread_pg_entry, threadMayEnterPG can return false
* simply because it's not /known/ that PG could be entered right now,
* and this could send the message off to System.err at times even if
* log() would have completed with no blocking. But the always accurate
* "could I enter PG right now without blocking?" method isn't provided
* yet.
*/
if ( threadMayEnterPG() )
log(LOG_LOG, sb.toString());
else
System.err.println(sb);

return true;
}
Expand Down