I'm trying to prohibit the call to System.exit(int) in some jars.
These jars will be developed by external teams and loaded by our "container" application.
My first reflex is to use the java security manager:
-Djava.security.manager -Djava.security.debug=all
with the simplest ${user.home}/.java.policy file:
grant {};
Although I can no longer call methods such as System.getProperties() (since I do not have java.util.PropertyPermission), I can do a System.exit(0)!!
The option java.security.debug=all gives the following console output:
scl: getPerms ProtectionDomain (file: my-bin-path <no sign certificates>)
sun.misc.Launcher$AppClassLoader@10385c1
<no principals>
java.security.Permissions@15b7986 (
(java.lang.RuntimePermission exitVM)
(java.io.FilePermission \my-bin-path\- read)
)
Why do all classes in my-bin-path have java.lang.RuntimePermission exitVM granted?????
Thanks
Because invoking System.exit() kills your JVM, invoking this from Tomcat or Jetty will not only kill your application but most likely the server itself. This can be potentially dangerous if that server also hosts other critical applications, which is not uncommon at all.
The main alternative is Runtime.getRuntime().halt(0), described as "Forcibly terminates the currently running Java virtual machine". This does not call shutdown hooks or exit finalizers, it just exits.
The exit() method exits the current program by terminating the running Java virtual machine. This method takes a status code. A non-zero value of the status code is generally used to indicate abnormal termination.
In most cases we use System.exit(1). If we are calling a jar through a script and there is a negative use case, it is expected to return exit code 1 or above; the script will then capture the code and use it for the further decision.
According to the bug report, http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4286238, the policy file wasn't disallowing System.exit() calls. I'm running an application with Java 1.6 and am still seeing this bug despite it being "resolved." Similar to the OP, I have a system-wide policy file which does not include a permission for exitVM. However, I am able to exit the application without any exception being thrown.
My understanding of including a custom policy file is that all permissions are blacklisted except those included in the policy file. Since exitVM is not included it should be disallowed (overriding the default permission mentioned by MicSim). But this is not the case.
From the Javadoc of RuntimePermission:
Note: The "exitVM.*" permission is automatically granted to all code loaded from the application class path, thus enabling applications to terminate themselves.
Reading this, it seems you have to explicitly deny this permission by writing your own SecurityManager. (For an example, see this answer: Prevent System.exit to actually exit the JVM)
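One way to write the custom SecurityManager that the answer above suggests, as an added example that is not part of the thread (all class names are hypothetical). It overrides only checkExit, which both System.exit and Runtime.halt consult, so the exitVM grant given to class-path code no longer decides the outcome, while every other check still goes to the policy in force. It targets the SecurityManager-era JDKs discussed here; JDK 18 and later need -Djava.security.manager=allow to install a manager at run time, and JDK 24 disables the mechanism permanently.

```java
// Added example, not code from the thread. All class names are hypothetical.
public class NoExitDemo {

    /** Raised in place of JVM termination so the container can log the status. */
    static final class ExitDeniedException extends SecurityException {
        final int status;
        ExitDeniedException(int status) {
            super("exit(" + status + ") denied by container");
            this.status = status;
        }
    }

    /** Overrides only checkExit; all other checks still go to the active policy. */
    static final class NoExitSecurityManager extends SecurityManager {
        private volatile boolean shuttingDown;

        // Package-private: plugin classes from another class loader cannot call it.
        void beginShutdown() { shuttingDown = true; }

        @Override
        public void checkExit(int status) {
            // Runtime.exit() and Runtime.halt() both consult checkExit first.
            if (!shuttingDown) {
                throw new ExitDeniedException(status);
            }
        }
    }

    /** Stand-in for a class shipped in an external team's jar. */
    static final class UntrustedPlugin implements Runnable {
        public void run() { System.exit(3); }
    }

    public static void main(String[] args) {
        NoExitSecurityManager sm = new NoExitSecurityManager();
        System.setSecurityManager(sm);
        try {
            new UntrustedPlugin().run();
        } catch (ExitDeniedException e) {
            System.out.println("blocked: " + e.getMessage() + ", JVM still alive");
        }
        sm.beginShutdown();   // only the container decides when to stop
        System.exit(0);
    }
}
```

Because checkPermission is left untouched, plugin code still needs RuntimePermission "setSecurityManager" from the policy to replace this manager, which an empty grant block does not give it.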
Alternatively you could do AOP and intercept System.exit. Doing that yourself would be: create your own class loader and use BPEL to trace System.exit, and patch those calls. Really not a large effort.