Cannot create RandomAccessFile

Project:	JNode Core
Component:	Code
Category:	bug report
Priority:	critical
Assigned:	Unassigned
Status:	closed

A couple of times of run into this problem now. The permission system doesn't seem to want to allow RandomAccessFiles to be created. I can create a FileOutputStream with no issue, but when RAF goes to create its FileOutputStream it throws a SecurityException because org.jnode.shell.CommandRunner does not have writeFileDescriptor RuntimePermission. After giving the shell plugin writeFileDescriptor permission, i get an AccessControlException from VmAccessControlContext.

Its wierd, there's no problem create a FOS from code, but when RAF tries to create one, it gets denied by the security manager. I took a quick look at some of the code, and it seems like when RAF creates its FOS, it uses a different constructor that does a different check then when the public constructor is used.

#1

Submitted by cluster on Tue, 04/14/2009 - 12:48.

I took a look into this a bit. Whats happening is the normal FileXStream(File) constructor does a checkX(String), but RandomAccessFile does the checkX(String) itself, and then calls FileXStream(FileDescriptor), which causes a checkX(FileDescriptor), which refuses to accept RuntimePermission writeFileDescriptor.

I dont know the security code that well to know why the descriptor check is failing, but thats what i got out of it so far.

#2

Submitted by lsantha on Tue, 04/14/2009 - 14:56.

How can I reproduce this?

#3

Submitted by cluster on Tue, 04/14/2009 - 15:08.

Create an RAF from inside any command. I had it happening from org.apache.ant.tools.zip, which backs onto read/write RAF objects. But i had it happen before also, creating head and tail, i tried to use an RAF and got the same security exceptions.

I know i've used an RAF from inside jnode core before, in the java.util.zip impl, but that probably wasn't getting sidelined with multiple security checks.