<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    Hello,<br>
    This email is related to
    <a class="moz-txt-link-freetext" href="http://security-tracker.debian.org/tracker/CVE-2011-3556">http://security-tracker.debian.org/tracker/CVE-2011-3556</a><br>
    <br>
    <br>
    Basically, one of our RMI applications is failing to start after the
    security update to java 6b18-1.8.10-0~lenny1<b><br>
      <br>
    </b>I have tried to run the test case specified as part of<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470">http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470</a><br>
    <a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/d27f0b2f1476">http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/d27f0b2f1476</a><br>
    <br>
    and it fails with an exception trace similar to:<br>
    <br>
    <pre class="moz-signature" cols="72">
Exceptions

2011-12-13 17:28:18,346 [main] ERROR com.gleim.gacs.Gacs - java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
   java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
   java.lang.ClassNotFoundException: access to class loader denied
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
   java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
   java.lang.ClassNotFoundException: access to class loader denied
   at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:419)
   at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:267)
   at sun.rmi.transport.Transport$1.run(Transport.java:177)
   at java.security.AccessController.doPrivileged(Native Method)
   at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
   at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553)
   at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808)
   at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:636)
   at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:273)
   at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:251)
   at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:377)
   at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
   at java.rmi.Naming.rebind(Naming.java:177)
   at com.gleim.gacs.Gacs.startup(Gacs.java:49)
   at com.gleim.gacs.Gacs.main(Gacs.java:103)
Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
   java.lang.ClassNotFoundException: access to class loader denied
   at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
   at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:409)

Caused by: java.lang.ClassNotFoundException: access to class loader denied
   at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:445)
   at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:182)
   at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637)
   at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:264)
   at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:214)
   at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1592)
   at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
   at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749)
   at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
   at java.io.ObjectInputStream.readObject(ObjectInputStream.java:368)
   ... 12 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission ////usr/local/gcss2/gacs/- read)
   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
   at java.security.AccessController.checkPermission(AccessController.java:553)
   at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
   at sun.rmi.server.LoaderHandler$Loader.checkPermissions(LoaderHandler.java:1173)
   at sun.rmi.server.LoaderHandler$Loader.access$000(LoaderHandler.java:1127)
   at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:409)


</pre>
    The code and the test case both work fine with the the previous
    security java version "1.6.0_18"<br>
    <br>
    OpenJDK Runtime Environment (IcedTea6 1.8.7) <b>(6b18-1.8.7-2</b>~lenny1)<br>
    <br>
    <br>
    Is there a way for somebody to re-review <br>
    <a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470">http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470</a> ?<br>
    <br>
    Have a great day.<br>
    <br>
    -- <br>
    <br>
    Andrei Sura<br>
    Software Developer<br>
    IT Department<br>
    <br>
    Gleim Publications, Inc.<br>
    4201 NW 95th Blvd<br>
    Gainesville, FL. 32606<br>
    <a class="moz-txt-link-freetext" href="http://www.gleim.com">http://www.gleim.com</a><br>
  </body>
</html>