From root@turing.morons.org  Wed Oct 24 00:47:00 2007
Return-Path: <root@turing.morons.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6ADB716A469
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Oct 2007 00:47:00 +0000 (UTC)
	(envelope-from root@turing.morons.org)
Received: from turing.morons.org (turing.morons.org [208.96.51.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 7486813C4A5
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Oct 2007 00:47:00 +0000 (UTC)
	(envelope-from root@turing.morons.org)
Received: by turing.morons.org (Postfix, from userid 0)
	id EEDF217121; Tue, 23 Oct 2007 17:17:02 -0700 (PDT)
Message-Id: <20071024001702.EEDF217121@turing.morons.org>
Date: Tue, 23 Oct 2007 17:17:02 -0700 (PDT)
From: Nick Johnson <freebsd@spatula.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: JVM ignores $JAVA_HOME/jre/lib/security/java.security 
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         117436
>Category:       java
>Synopsis:       JVM ignores $JAVA_HOME/jre/lib/security/java.security
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-java
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 24 00:50:01 UTC 2007
>Closed-Date:    Mon Oct 29 02:47:18 UTC 2007
>Last-Modified:  Mon Oct 29 02:47:18 UTC 2007
>Originator:     Nick Johnson
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
morons.org 
>Environment:
System: FreeBSD turing.morons.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jan 21 16:53:54 PST 2007 root@turing.morons.org:/usr/src/sys/i386/compile/TURING i386

java version "1.5.0_13-p7"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13-p7-root_23_oct_2007_13_48)
Java HotSpot(TM) Client VM (build 1.5.0_13-p7-root_23_oct_2007_13_48, mixed mode)


	
>Description:

>                 >                  >                   >                   >
The FreeBSD JDK does not process $JAVA_HOME/jre/lib/security/java.security,
so any security customizations made by an administrator will be ignored by
the JVM; everything will get the compile-time defaults.  One common way this
manifests is by InetAddress caching everything forever, despite attempting
to configure its caching behaviour. 

	
>How-To-Repeat:
Save this code as Test.java, compile it, and run it with truss.  Grep the
output and observe that java.security is never stat'ed or open'ed.

[snip]

import java.net.*;

public class Test {
        public static void main(String[] args) throws Exception {
                InetAddress address = InetAddress.getByName("freebsd.org");
                System.out.println(address);
        }
}

[snip]

On other architectures, including Linux and Windows, executing the Test 
program will result in a read of java.security.

	
>Fix:

Unknown at this time.

One way (albeit very ugly) to get around the InetAddress caching problem
is to edit j2se/src/share/classes/java/net/InetAddress.java and change
these lines:

    private static Cache addressCache =
        new Cache(InetAddressCachePolicy.get());

    private static Cache negativeCache =
        new Cache(InetAddressCachePolicy.getNegative());


to read:


    private static Cache addressCache =
        new Cache(InetAddressCachePolicy.NEVER);

    private static Cache negativeCache =
        new Cache(InetAddressCachePolicy.NEVER);

and then recompile.

	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: glewis 
State-Changed-When: Mon Oct 29 02:46:20 UTC 2007 
State-Changed-Why:  
Closing since the problem appears to have been resolved by cleaning and 
rebuilding and I can't reproduce it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=117436 
>Unformatted:
