<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Hello,<br>
This email is related to
<a class="moz-txt-link-freetext" href="http://security-tracker.debian.org/tracker/CVE-2011-3556">http://security-tracker.debian.org/tracker/CVE-2011-3556</a><br>
<br>
<br>
Basically, one of our RMI applications is failing to start after the
security update to java 6b18-1.8.10-0~lenny1<b><br>
<br>
</b>I have tried to run the test case specified as part of<br>
<br>
<a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470">http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470</a><br>
<a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/d27f0b2f1476">http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/d27f0b2f1476</a><br>
<br>
and it fails with an exception trace similar to:<br>
<br>
<pre class="moz-signature" cols="72">
Exceptions
2011-12-13 17:28:18,346 [main] ERROR com.gleim.gacs.Gacs - java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
java.lang.ClassNotFoundException: access to class loader denied
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:419)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:267)
at sun.rmi.transport.Transport$1.run(Transport.java:177)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:273)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:251)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:377)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:177)
at com.gleim.gacs.Gacs.startup(Gacs.java:49)
at com.gleim.gacs.Gacs.main(Gacs.java:103)
Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:409)
Caused by: java.lang.ClassNotFoundException: access to class loader denied
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:445)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:182)
at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637)
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:264)
at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:214)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1592)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:368)
... 12 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission ////usr/local/gcss2/gacs/- read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at sun.rmi.server.LoaderHandler$Loader.checkPermissions(LoaderHandler.java:1173)
at sun.rmi.server.LoaderHandler$Loader.access$000(LoaderHandler.java:1127)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:409)
</pre>
The code and the test case both work fine with the the previous
security java version "1.6.0_18"<br>
<br>
OpenJDK Runtime Environment (IcedTea6 1.8.7) <b>(6b18-1.8.7-2</b>~lenny1)<br>
<br>
<br>
Is there a way for somebody to re-review <br>
<a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470">http://hg.openjdk.java.net/jdk7u/jdk7u-gate/jdk/rev/7ed2fd310470</a> ?<br>
<br>
Have a great day.<br>
<br>
-- <br>
<br>
Andrei Sura<br>
Software Developer<br>
IT Department<br>
<br>
Gleim Publications, Inc.<br>
4201 NW 95th Blvd<br>
Gainesville, FL. 32606<br>
<a class="moz-txt-link-freetext" href="http://www.gleim.com">http://www.gleim.com</a><br>
</body>
</html>